b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39f

Analysis

max time kernel
119s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 20:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe
Size

468KB
MD5

13ac945eab34673603f420d8b33eed80
SHA1

e1811b6fcf921fe342406f4209f780c1a7661d02
SHA256

b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39f
SHA512

35703c7dea1566ec365dc73d731e9ec5703c55b9ee6eed7da137050efb7f052fe7a0d75be4670bc3ca59fcab777321a403b11379dfb6a21b40b4dab9a12c5f54
SSDEEP

3072:1G3KogIKIE5TtbYYHzcOcf8/z0haP0pkJVHeTVPyQ6ILU7ggEslL:1GaoDMTt7H4OcfsY10Q6yyggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4256	Unicorn-19474.exe
216	Unicorn-37480.exe
4548	Unicorn-57346.exe
2528	Unicorn-21550.exe
4524	Unicorn-19503.exe
2104	Unicorn-5768.exe
1900	Unicorn-62364.exe
528	Unicorn-19940.exe
2404	Unicorn-4995.exe
3124	Unicorn-9079.exe
1092	Unicorn-8814.exe
4196	Unicorn-8979.exe
4836	Unicorn-32598.exe
1940	Unicorn-47543.exe
4252	Unicorn-46796.exe
1752	Unicorn-4372.exe
4004	Unicorn-28322.exe
3516	Unicorn-56340.exe
1436	Unicorn-65270.exe
1936	Unicorn-54964.exe
3956	Unicorn-11985.exe
3936	Unicorn-1771.exe
1992	Unicorn-57657.exe
2992	Unicorn-42447.exe
4612	Unicorn-4969.exe
3088	Unicorn-15852.exe
4584	Unicorn-61523.exe
3508	Unicorn-19835.exe
4364	Unicorn-13713.exe
2328	Unicorn-13713.exe
4844	Unicorn-58638.exe
2592	Unicorn-14268.exe
1344	Unicorn-58730.exe
4976	Unicorn-22436.exe
4792	Unicorn-17606.exe
3436	Unicorn-54454.exe
4964	Unicorn-60584.exe
4888	Unicorn-31996.exe
3932	Unicorn-9437.exe
3004	Unicorn-59193.exe
5100	Unicorn-16236.exe
1624	Unicorn-54865.exe
2312	Unicorn-50284.exe
2796	Unicorn-56307.exe
3544	Unicorn-61907.exe
3948	Unicorn-8799.exe
2756	Unicorn-62639.exe
4344	Unicorn-6661.exe
4080	Unicorn-35342.exe
936	Unicorn-18914.exe
4640	Unicorn-35996.exe
2736	Unicorn-2577.exe
1592	Unicorn-4258.exe
4904	Unicorn-15213.exe
2516	Unicorn-19298.exe
1456	Unicorn-64414.exe
3656	Unicorn-2961.exe
1908	Unicorn-39718.exe
4212	Unicorn-4907.exe
4936	Unicorn-47621.exe
4788	Unicorn-10937.exe
2632	Unicorn-45748.exe
736	Unicorn-19106.exe
4728	Unicorn-18840.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3004	4548	WerFault.exe	84
5100	4548	WerFault.exe	84
4248	4252	WerFault.exe	108
1824	4196	WerFault.exe	103
2764	2992	WerFault.exe	117
4260	4196	WerFault.exe	103
872	2992	WerFault.exe	117
4884	4252	WerFault.exe	108
4140	4964	WerFault.exe	129
4884	4844	WerFault.exe	124
3648	4792	WerFault.exe	128
4588	3544	WerFault.exe	137
4100	3004	WerFault.exe	134
5664	4964	WerFault.exe	129
5860	936	WerFault.exe	155
6116	4844	WerFault.exe	124
4376	4792	WerFault.exe	128
6164	1592	WerFault.exe	158
6960	3948	WerFault.exe	151
2276	5560	WerFault.exe	265
7620	5220	WerFault.exe	218
8964	3892	WerFault.exe	203
8972	2896	WerFault.exe	198
1388	4788	WerFault.exe	170
9392	2400	WerFault.exe	199
9588	1456	WerFault.exe	163
8224	7032	WerFault.exe	354
9516	6956	WerFault.exe	394
9556	2776	WerFault.exe	418
9416	2996	WerFault.exe	372
9376	2744	WerFault.exe	375
7520	3620	WerFault.exe	390
9576	4248	WerFault.exe	174
9568	6068	WerFault.exe	244
9500	2980	WerFault.exe	181
8828	4344	WerFault.exe	153
8824	1216	WerFault.exe	205
8820	3516	WerFault.exe	112
8804	5488	WerFault.exe	222
8796	4584	WerFault.exe	119
8344	4904	WerFault.exe	159
8208	3656	WerFault.exe	164
9152	5628	WerFault.exe	228
9132	5176	WerFault.exe	215
9120	4976	WerFault.exe	127
9072	1940	WerFault.exe	107
8956	4640	WerFault.exe	156
8948	5724	WerFault.exe	232
8940	4080	WerFault.exe	154
8740	5436	WerFault.exe	220
8732	5780	WerFault.exe	234
9956	4964	WerFault.exe	401
9692	1216	WerFault.exe	205
6244	6828	WerFault.exe	398
9476	3524	WerFault.exe	404
6472	6596	WerFault.exe	377
7000	5328	WerFault.exe	376
6168	5420	WerFault.exe	362
10376	7488	WerFault.exe	429
10364	432	WerFault.exe	397
10356	4280	WerFault.exe	409
10620	3016	WerFault.exe	299
10612	6016	WerFault.exe	276
10604	6492	WerFault.exe	315

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2956.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe
4256	Unicorn-19474.exe
4548	Unicorn-57346.exe
216	Unicorn-37480.exe
2528	Unicorn-21550.exe
4524	Unicorn-19503.exe
2104	Unicorn-5768.exe
1900	Unicorn-62364.exe
528	Unicorn-19940.exe
1092	Unicorn-8814.exe
2404	Unicorn-4995.exe
3124	Unicorn-9079.exe
4196	Unicorn-8979.exe
4836	Unicorn-32598.exe
1940	Unicorn-47543.exe
4252	Unicorn-46796.exe
1752	Unicorn-4372.exe
3516	Unicorn-56340.exe
4004	Unicorn-28322.exe
1936	Unicorn-54964.exe
1436	Unicorn-65270.exe
1992	Unicorn-57657.exe
3956	Unicorn-11985.exe
3936	Unicorn-1771.exe
2992	Unicorn-42447.exe
4612	Unicorn-4969.exe
4584	Unicorn-61523.exe
3088	Unicorn-15852.exe
3508	Unicorn-19835.exe
2328	Unicorn-13713.exe
4364	Unicorn-13713.exe
4844	Unicorn-58638.exe
1344	Unicorn-58730.exe
2592	Unicorn-14268.exe
4976	Unicorn-22436.exe
4792	Unicorn-17606.exe
3436	Unicorn-54454.exe
4888	Unicorn-31996.exe
4964	Unicorn-60584.exe
3932	Unicorn-9437.exe
2796	Unicorn-56307.exe
5100	Unicorn-16236.exe
3004	Unicorn-59193.exe
1624	Unicorn-54865.exe
2312	Unicorn-50284.exe
3544	Unicorn-61907.exe
3948	Unicorn-8799.exe
2756	Unicorn-62639.exe
4344	Unicorn-6661.exe
4080	Unicorn-35342.exe
4640	Unicorn-35996.exe
936	Unicorn-18914.exe
1592	Unicorn-4258.exe
2736	Unicorn-2577.exe
4904	Unicorn-15213.exe
2516	Unicorn-19298.exe
1456	Unicorn-64414.exe
3656	Unicorn-2961.exe
4212	Unicorn-4907.exe
1908	Unicorn-39718.exe
4936	Unicorn-47621.exe
4788	Unicorn-10937.exe
736	Unicorn-19106.exe
2632	Unicorn-45748.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 4256	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	82
PID 1124 wrote to memory of 4256	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	82
PID 1124 wrote to memory of 4256	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	82
PID 1124 wrote to memory of 216	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	83
PID 1124 wrote to memory of 216	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	83
PID 1124 wrote to memory of 216	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	83
PID 4256 wrote to memory of 4548	4256	Unicorn-19474.exe	84
PID 4256 wrote to memory of 4548	4256	Unicorn-19474.exe	84
PID 4256 wrote to memory of 4548	4256	Unicorn-19474.exe	84
PID 216 wrote to memory of 2528	216	Unicorn-37480.exe	89
PID 216 wrote to memory of 2528	216	Unicorn-37480.exe	89
PID 216 wrote to memory of 2528	216	Unicorn-37480.exe	89
PID 1124 wrote to memory of 4524	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	91
PID 1124 wrote to memory of 4524	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	91
PID 1124 wrote to memory of 4524	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	91
PID 4256 wrote to memory of 2104	4256	Unicorn-19474.exe	92
PID 4256 wrote to memory of 2104	4256	Unicorn-19474.exe	92
PID 4256 wrote to memory of 2104	4256	Unicorn-19474.exe	92
PID 2528 wrote to memory of 1900	2528	Unicorn-21550.exe	98
PID 2528 wrote to memory of 1900	2528	Unicorn-21550.exe	98
PID 2528 wrote to memory of 1900	2528	Unicorn-21550.exe	98
PID 216 wrote to memory of 528	216	Unicorn-37480.exe	99
PID 216 wrote to memory of 528	216	Unicorn-37480.exe	99
PID 216 wrote to memory of 528	216	Unicorn-37480.exe	99
PID 4524 wrote to memory of 2404	4524	Unicorn-19503.exe	100
PID 4524 wrote to memory of 2404	4524	Unicorn-19503.exe	100
PID 4524 wrote to memory of 2404	4524	Unicorn-19503.exe	100
PID 2104 wrote to memory of 3124	2104	Unicorn-5768.exe	101
PID 2104 wrote to memory of 3124	2104	Unicorn-5768.exe	101
PID 2104 wrote to memory of 3124	2104	Unicorn-5768.exe	101
PID 1124 wrote to memory of 1092	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	102
PID 1124 wrote to memory of 1092	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	102
PID 1124 wrote to memory of 1092	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	102
PID 4256 wrote to memory of 4196	4256	Unicorn-19474.exe	103
PID 4256 wrote to memory of 4196	4256	Unicorn-19474.exe	103
PID 4256 wrote to memory of 4196	4256	Unicorn-19474.exe	103
PID 1900 wrote to memory of 4836	1900	Unicorn-62364.exe	106
PID 1900 wrote to memory of 4836	1900	Unicorn-62364.exe	106
PID 1900 wrote to memory of 4836	1900	Unicorn-62364.exe	106
PID 2528 wrote to memory of 1940	2528	Unicorn-21550.exe	107
PID 2528 wrote to memory of 1940	2528	Unicorn-21550.exe	107
PID 2528 wrote to memory of 1940	2528	Unicorn-21550.exe	107
PID 3124 wrote to memory of 4252	3124	Unicorn-9079.exe	108
PID 3124 wrote to memory of 4252	3124	Unicorn-9079.exe	108
PID 3124 wrote to memory of 4252	3124	Unicorn-9079.exe	108
PID 2104 wrote to memory of 1752	2104	Unicorn-5768.exe	109
PID 2104 wrote to memory of 1752	2104	Unicorn-5768.exe	109
PID 2104 wrote to memory of 1752	2104	Unicorn-5768.exe	109
PID 2404 wrote to memory of 4004	2404	Unicorn-4995.exe	111
PID 2404 wrote to memory of 4004	2404	Unicorn-4995.exe	111
PID 2404 wrote to memory of 4004	2404	Unicorn-4995.exe	111
PID 528 wrote to memory of 1436	528	Unicorn-19940.exe	113
PID 1124 wrote to memory of 3516	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	112
PID 528 wrote to memory of 1436	528	Unicorn-19940.exe	113
PID 528 wrote to memory of 1436	528	Unicorn-19940.exe	113
PID 1124 wrote to memory of 3516	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	112
PID 1124 wrote to memory of 3516	1124	b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe	112
PID 1092 wrote to memory of 1936	1092	Unicorn-8814.exe	110
PID 1092 wrote to memory of 1936	1092	Unicorn-8814.exe	110
PID 1092 wrote to memory of 1936	1092	Unicorn-8814.exe	110
PID 4196 wrote to memory of 3956	4196	Unicorn-8979.exe	115
PID 4196 wrote to memory of 3956	4196	Unicorn-8979.exe	115
PID 4196 wrote to memory of 3956	4196	Unicorn-8979.exe	115
PID 216 wrote to memory of 3936	216	Unicorn-37480.exe	114

C:\Users\Admin\AppData\Local\Temp\b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe
"C:\Users\Admin\AppData\Local\Temp\b3bf6e8d078d1db08c405ae3cc34fb848803d371351baf72eeaa5a89591ec39fN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4548
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 720
      4⤵
      Program crash
      PID:3004
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 720
      4⤵
      Program crash
      PID:5100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 720
        6⤵
        Program crash
        
        PID:4248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 720
        6⤵
        Program crash
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 720
        6⤵
        Program crash
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        5⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
        8⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
        9⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22888.exe
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        8⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        8⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 744
        7⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        9⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        9⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        8⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        9⤵
        
        PID:14652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 668
        7⤵
        
        PID:11452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 624
        6⤵
        Program crash
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        5⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        6⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        6⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        5⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        6⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
        6⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        6⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        5⤵
        
        PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 636
        6⤵
        Program crash
        
        PID:4884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 656
        6⤵
        Program crash
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        8⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 628
        9⤵
        Program crash
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 636
        8⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 668
        7⤵
        Program crash
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        6⤵
        
        PID:5144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 720
        6⤵
        Program crash
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        5⤵
        
        PID:7500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 636
        6⤵
        
        PID:10808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 640
        6⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        5⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        6⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        6⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        5⤵
        
        PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 720
        8⤵
        Program crash
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe
        7⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe
        6⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 540
        7⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        6⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        7⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48644.exe
        7⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        6⤵
        
        PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        7⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 724
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        7⤵
        
        PID:10632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 664
        6⤵
        
        PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
      4⤵
      PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23227.exe
      4⤵
      PID:396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 484
        5⤵
        
        PID:10588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 484
        5⤵
        
        PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9429.exe
      4⤵
      PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        5⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21618.exe
        6⤵
        
        PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
      4⤵
      PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        5⤵
        
        PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
      4⤵
      PID:1388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        6⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        8⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 636
        9⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        8⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        9⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30916.exe
        9⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
        8⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        8⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
        8⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32539.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17678.exe
        7⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12966.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        8⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        6⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        7⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
        6⤵
        
        PID:13164
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 736
      4⤵
      Program crash
      PID:1824
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 736
      4⤵
      Program crash
      PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 724
      4⤵
      Program crash
      PID:2764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 724
      4⤵
      Program crash
      PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe
        5⤵
        
        PID:7108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 716
        6⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        5⤵
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        8⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64438.exe
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        7⤵
        
        PID:14076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 656
        6⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
        6⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        5⤵
        
        PID:920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
    3⤵
    PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17477.exe
    3⤵
    PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        5⤵
        
        PID:4728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 644
        6⤵
        
        PID:12512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 656
        5⤵
        
        PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
      4⤵
      PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        5⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        6⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        5⤵
        
        PID:14764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
    3⤵
    PID:4280
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 640
      4⤵
      Program crash
      PID:10356
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 640
      4⤵
      PID:12488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
    3⤵
    PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
      4⤵
      PID:15136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
    3⤵
    PID:11408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
    3⤵
    PID:13768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
        9⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 668
        9⤵
        Program crash
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 736
        8⤵
        Program crash
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 736
        8⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-605.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39090.exe
        9⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        9⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 616
        10⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        9⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        10⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        9⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29436.exe
        10⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        9⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 636
        10⤵
        Program crash
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        9⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33792.exe
        10⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
        9⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        10⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        9⤵
        
        PID:13944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 656
        8⤵
        Program crash
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        10⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        11⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        12⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        12⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38622.exe
        12⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        11⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        10⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        11⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        9⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe
        11⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
        12⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
        11⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        10⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        10⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 736
        9⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 736
        9⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        9⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 636
        10⤵
        Program crash
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        8⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        9⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34217.exe
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
        10⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29329.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        9⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        8⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        9⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        9⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        8⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        7⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 632
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
        8⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1798.exe
        7⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1683.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        7⤵
        
        PID:9004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 504
        6⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        8⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 736
        8⤵
        Program crash
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
        8⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 628
        9⤵
        Program crash
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        8⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        9⤵
        
        PID:14628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 756
        7⤵
        Program crash
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        6⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        7⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 660
        7⤵
        Program crash
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 660
        7⤵
        Program crash
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        6⤵
        
        PID:5340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 760
        6⤵
        Program crash
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47237.exe
        6⤵
        
        PID:4320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 744
        6⤵
        Program crash
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
        5⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        9⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        10⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        8⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
        8⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        8⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        7⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        9⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
        9⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2956.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        7⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        6⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe
        6⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
        5⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
        6⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 724
        7⤵
        Program crash
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        6⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        7⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        6⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        6⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        6⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9178.exe
        7⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        6⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43788.exe
        5⤵
        
        PID:4880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 636
        6⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        5⤵
        
        PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 636
        7⤵
        Program crash
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        7⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        8⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        9⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        10⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 724
        9⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        8⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        9⤵
        
        PID:14284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 652
        7⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        6⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31986.exe
        7⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 632
        8⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        7⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24880.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38926.exe
        6⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35996.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        9⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 636
        10⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 648
        9⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        8⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
        6⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
        9⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe
        10⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        9⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        9⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        7⤵
        
        PID:8312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 756
        6⤵
        Program crash
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36302.exe
        5⤵
        
        PID:5220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 632
        6⤵
        Program crash
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        5⤵
        
        PID:2408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 756
        5⤵
        Program crash
        
        PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        6⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41206.exe
        6⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        9⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        10⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        11⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        9⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21055.exe
        7⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        8⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7896.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26470.exe
        8⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        6⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        7⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35551.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        7⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        6⤵
        
        PID:15088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        6⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 636
        7⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        5⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        5⤵
        
        PID:7404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 632
        6⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30429.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        5⤵
        
        PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1591.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 668
        5⤵
        Program crash
        
        PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        8⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5011.exe
        9⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16608.exe
        10⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30454.exe
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28725.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        8⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 664
        6⤵
        Program crash
        
        PID:10612
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 668
        5⤵
        Program crash
        
        PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6521.exe
        6⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45582.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        8⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        8⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        7⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21133.exe
        7⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        6⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64518.exe
        7⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        6⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        7⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        7⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        6⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        5⤵
        
        PID:7568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 636
        6⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        5⤵
        
        PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
      4⤵
      PID:2776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 640
        5⤵
        Program crash
        
        PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
      4⤵
      PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        5⤵
        
        PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
      4⤵
      PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60333.exe
        5⤵
        
        PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21397.exe
      4⤵
      PID:14392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36734.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65452.exe
        10⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 720
        11⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        10⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
        10⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26999.exe
        10⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe
        10⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        10⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 644
        11⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39904.exe
        10⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
        9⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11762.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        10⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
        11⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        10⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        9⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        8⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
        8⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        7⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14907.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
        9⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 632
        10⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 664
        9⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 648
        8⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 656
        7⤵
        Program crash
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        9⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
        10⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        9⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63854.exe
        10⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        9⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 660
        8⤵
        Program crash
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 452
        7⤵
        Program crash
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        7⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
        8⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 636
        9⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe
        8⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1020.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
        9⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        8⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
        7⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8633.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        8⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59452.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        7⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        6⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
        7⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        7⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        6⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        7⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 728
        7⤵
        Program crash
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        6⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        6⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        7⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 636
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40786.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        7⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
        6⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        7⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44200.exe
        6⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        6⤵
        
        PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4907.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
        9⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        9⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 660
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        7⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        6⤵
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        5⤵
        
        PID:6708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 660
        5⤵
        Program crash
        
        PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
      4⤵
      PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
      4⤵
      PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 724
        6⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        5⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
        6⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        5⤵
        
        PID:13956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
      4⤵
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        5⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        6⤵
        
        PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
      4⤵
      PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
      4⤵
      PID:13464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        8⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 644
        9⤵
        Program crash
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 740
        8⤵
        Program crash
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 772
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63536.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        8⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        9⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
        8⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
        8⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
        7⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        7⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27008.exe
        6⤵
        
        PID:6504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 744
        6⤵
        Program crash
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38104.exe
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        8⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        7⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        7⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 724
        8⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 652
        7⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        7⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        5⤵
        
        PID:5744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 724
        6⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        5⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        5⤵
        
        PID:14328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
    3⤵
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
      4⤵
      PID:6088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
    3⤵
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7032
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 720
        5⤵
        Program crash
        
        PID:8224
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 652
      4⤵
      PID:10596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
    3⤵
    PID:4964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 636
      4⤵
      Program crash
      PID:9956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47939.exe
    3⤵
    PID:8232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
    3⤵
    PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
      4⤵
      PID:14828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
    3⤵
    PID:5876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        7⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 748
        7⤵
        Program crash
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        7⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        8⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 640
        9⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        8⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        9⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        7⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        8⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
        5⤵
        
        PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        7⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 628
        8⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 636
        7⤵
        Program crash
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
        9⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
        9⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 664
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        7⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        7⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        7⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 640
        8⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 640
        8⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 752
        7⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
        6⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 636
        7⤵
        
        PID:412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1237.exe
        6⤵
        
        PID:11484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 724
        5⤵
        Program crash
        
        PID:9120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4792
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 644
        5⤵
        Program crash
        
        PID:3648
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 644
        5⤵
        Program crash
        
        PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
      4⤵
      PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        6⤵
        
        PID:5720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 656
        6⤵
        Program crash
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        6⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 632
        7⤵
        Program crash
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        6⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        5⤵
        
        PID:7576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 724
        6⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        5⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50320.exe
        6⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58024.exe
        7⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
        5⤵
        
        PID:15268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
        5⤵
        
        PID:6428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 636
        5⤵
        Program crash
        
        PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57272.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        5⤵
        
        PID:432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 724
        6⤵
        Program crash
        
        PID:10364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 652
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        5⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        6⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        6⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        5⤵
        
        PID:14260
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 656
      4⤵
      PID:11428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
    3⤵
    - Executes dropped EXE
    PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
    3⤵
    PID:5560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 636
      4⤵
      Program crash
      PID:2276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
    3⤵
    PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
        5⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
        5⤵
        
        PID:14080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 756
      4⤵
      PID:10780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
    3⤵
    PID:8452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
      4⤵
      PID:14808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
    3⤵
    PID:14000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60584.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 644
        5⤵
        Program crash
        
        PID:4140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 676
        5⤵
        Program crash
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
      4⤵
      PID:4280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3004
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 720
      4⤵
      Program crash
      PID:4100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64890.exe
    3⤵
    PID:464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
      4⤵
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 636
        8⤵
        Program crash
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 652
        7⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        6⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        7⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55980.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18333.exe
        6⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        6⤵
        
        PID:15304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
    3⤵
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
      4⤵
      PID:6044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
    3⤵
    PID:5556
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 720
    3⤵
    - Program crash
    PID:8820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56307.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56307.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe
  2⤵
  PID:220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
  2⤵
  PID:5164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
      4⤵
      PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58540.exe
        5⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        6⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        5⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13099.exe
        6⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24867.exe
        5⤵
        
        PID:15356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47611.exe
      4⤵
      PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        5⤵
        
        PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62576.exe
      4⤵
      PID:14092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
    3⤵
    PID:5792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
    3⤵
    PID:11560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8166.exe
    3⤵
    PID:13588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
    3⤵
    PID:6616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13274.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13274.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 632
    3⤵
    - Program crash
    PID:10376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
  2⤵
  PID:8520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33537.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33537.exe
  2⤵
  PID:5472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
  2⤵
  PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4548 -ip 4548
1⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4548 -ip 4548
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4252 -ip 4252
1⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4196 -ip 4196
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2992 -ip 2992
1⤵
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4196 -ip 4196
1⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4252 -ip 4252
1⤵
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2992 -ip 2992
1⤵
PID:1488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4964 -ip 4964
1⤵
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4844 -ip 4844
1⤵
PID:1840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4792 -ip 4792
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3544 -ip 3544
1⤵
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2796 -ip 2796
1⤵
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1624 -ip 1624
1⤵
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1752 -ip 1752
1⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3004 -ip 3004
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 3956 -ip 3956
1⤵
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3936 -ip 3936
1⤵
PID:1356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2404 -ip 2404
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2796 -ip 2796
1⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1752 -ip 1752
1⤵
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1624 -ip 1624
1⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4964 -ip 4964
1⤵
PID:1840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 936 -ip 936
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3956 -ip 3956
1⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2404 -ip 2404
1⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3936 -ip 3936
1⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 936 -ip 936
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4844 -ip 4844
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4792 -ip 4792
1⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3004 -ip 3004
1⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3544 -ip 3544
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 464 -ip 464
1⤵
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 4280 -ip 4280
1⤵
PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 220 -ip 220
1⤵
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4728 -ip 4728
1⤵
PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2000 -ip 2000
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2252 -ip 2252
1⤵
PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 2632 -ip 2632
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4812 -ip 4812
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3604 -ip 3604
1⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2312 -ip 2312
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1092 -ip 1092
1⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 1992 -ip 1992
1⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 1436 -ip 1436
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4004 -ip 4004
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1936 -ip 1936
1⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2592 -ip 2592
1⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3932 -ip 3932
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 464 -ip 464
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4852 -ip 4852
1⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2000 -ip 2000
1⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5128 -ip 5128
1⤵
PID:432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5220 -ip 5220
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5228 -ip 5228
1⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 3612 -ip 3612
1⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 3948 -ip 3948
1⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 4612 -ip 4612
1⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5508 -ip 5508
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1592 -ip 1592
1⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 220 -ip 220
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4728 -ip 4728
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4280 -ip 4280
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2632 -ip 2632
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4936 -ip 4936
1⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5608 -ip 5608
1⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2328 -ip 2328
1⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1488 -ip 1488
1⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3604 -ip 3604
1⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2252 -ip 2252
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4812 -ip 4812
1⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6044 -ip 6044
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 1092 -ip 1092
1⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 6004 -ip 6004
1⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6088 -ip 6088
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1804 -ip 1804
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 2312 -ip 2312
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 1152 -ip 1152
1⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 1992 -ip 1992
1⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 1436 -ip 1436
1⤵
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 1936 -ip 1936
1⤵
PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4004 -ip 4004
1⤵
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5220 -ip 5220
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3932 -ip 3932
1⤵
PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 2592 -ip 2592
1⤵
PID:224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 4852 -ip 4852
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 5128 -ip 5128
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 5228 -ip 5228
1⤵
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3612 -ip 3612
1⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4612 -ip 4612
1⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 5508 -ip 5508
1⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 5596 -ip 5596
1⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5684 -ip 5684
1⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5504 -ip 5504
1⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5608 -ip 5608
1⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2408 -ip 2408
1⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5560 -ip 5560
1⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 5852 -ip 5852
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4320 -ip 4320
1⤵
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6576 -ip 6576
1⤵
PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 4936 -ip 4936
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 2328 -ip 2328
1⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6428 -ip 6428
1⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6504 -ip 6504
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 5564 -ip 5564
1⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6384 -ip 6384
1⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6400 -ip 6400
1⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5640 -ip 5640
1⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5432 -ip 5432
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5340 -ip 5340
1⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6040 -ip 6040
1⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5720 -ip 5720
1⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5556 -ip 5556
1⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5548 -ip 5548
1⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 5452 -ip 5452
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 1488 -ip 1488
1⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6044 -ip 6044
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6088 -ip 6088
1⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1152 -ip 1152
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6256 -ip 6256
1⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6004 -ip 6004
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 1804 -ip 1804
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5144 -ip 5144
1⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5456 -ip 5456
1⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6848 -ip 6848
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6760 -ip 6760
1⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 6708 -ip 6708
1⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 7108 -ip 7108
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7080 -ip 7080
1⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 7060 -ip 7060
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 7044 -ip 7044
1⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4212 -ip 4212
1⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6100 -ip 6100
1⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1980 -ip 1980
1⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 5992 -ip 5992
1⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5576 -ip 5576
1⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5780 -ip 5780
1⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5436 -ip 5436
1⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 4080 -ip 4080
1⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4976 -ip 4976
1⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5176 -ip 5176
1⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 5724 -ip 5724
1⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 4640 -ip 4640
1⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 3892 -ip 3892
1⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2896 -ip 2896
1⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4788 -ip 4788
1⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 1940 -ip 1940
1⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5628 -ip 5628
1⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3656 -ip 3656
1⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4904 -ip 4904
1⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 4584 -ip 4584
1⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5488 -ip 5488
1⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3516 -ip 3516
1⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 1216 -ip 1216
1⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4344 -ip 4344
1⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 2400 -ip 2400
1⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 2980 -ip 2980
1⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6068 -ip 6068
1⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 4248 -ip 4248
1⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1456 -ip 1456
1⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 5596 -ip 5596
1⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5684 -ip 5684
1⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5504 -ip 5504
1⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 2408 -ip 2408
1⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5852 -ip 5852
1⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6576 -ip 6576
1⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 4320 -ip 4320
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6428 -ip 6428
1⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 6504 -ip 6504
1⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 7032 -ip 7032
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6384 -ip 6384
1⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2744 -ip 2744
1⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2996 -ip 2996
1⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6400 -ip 6400
1⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 5564 -ip 5564
1⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5640 -ip 5640
1⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3620 -ip 3620
1⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5432 -ip 5432
1⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6040 -ip 6040
1⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 5720 -ip 5720
1⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6956 -ip 6956
1⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2776 -ip 2776
1⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 5340 -ip 5340
1⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5556 -ip 5556
1⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5548 -ip 5548
1⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5452 -ip 5452
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4964 -ip 4964
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 5420 -ip 5420
1⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5328 -ip 5328
1⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6596 -ip 6596
1⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6828 -ip 6828
1⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 3524 -ip 3524
1⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 6256 -ip 6256
1⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6848 -ip 6848
1⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 5144 -ip 5144
1⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 7576 -ip 7576
1⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 5744 -ip 5744
1⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 4280 -ip 4280
1⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 432 -ip 432
1⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 6760 -ip 6760
1⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5456 -ip 5456
1⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 6708 -ip 6708
1⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 396 -ip 396
1⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 3016 -ip 3016
1⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 7080 -ip 7080
1⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7108 -ip 7108
1⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7044 -ip 7044
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 7060 -ip 7060
1⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 7500 -ip 7500
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6448 -ip 6448
1⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 6100 -ip 6100
1⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1376 -p 7404 -ip 7404
1⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1396 -p 7596 -ip 7596
1⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7216 -ip 7216
1⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2688 -ip 2688
1⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5992 -ip 5992
1⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 4212 -ip 4212
1⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 1980 -ip 1980
1⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 5304 -ip 5304
1⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3544 -ip 3544
1⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 5576 -ip 5576
1⤵
PID:13324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 6480 -ip 6480
1⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1400 -p 1400 -ip 1400
1⤵
PID:13452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 5348 -ip 5348
1⤵
PID:13764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1424 -p 6028 -ip 6028
1⤵
PID:13944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1428 -p 3436 -ip 3436
1⤵
PID:14000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4836 -ip 4836
1⤵
PID:14228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 7144 -ip 7144
1⤵
PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1396 -p 7136 -ip 7136
1⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1508 -p 3948 -ip 3948
1⤵
PID:14392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5976 -ip 5976
1⤵
PID:15340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 3596 -ip 3596
1⤵
PID:15348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1536 -p 5268 -ip 5268
1⤵
PID:14344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1552 -p 7388 -ip 7388
1⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1576 -p 7056 -ip 7056
1⤵
PID:14660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1608 -p 7488 -ip 7488
1⤵
PID:14932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 5152 -ip 5152
1⤵
PID:15252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1520 -p 7460 -ip 7460
1⤵
PID:14340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1416 -p 6016 -ip 6016
1⤵
PID:15272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6492 -ip 6492
1⤵
PID:15280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1640 -p 6440 -ip 6440
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5944 -ip 5944
1⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1668 -p 6696 -ip 6696
1⤵
PID:15060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5600 -ip 5600
1⤵
PID:15080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1716 -p 5560 -ip 5560
1⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1608 -p 7500 -ip 7500
1⤵
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1796 -p 7596 -ip 7596
1⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1824 -p 8312 -ip 8312
1⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 8840 -ip 8840
1⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 9540 -ip 9540
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1540 -p 8388 -ip 8388
1⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1832 -p 7772 -ip 7772
1⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 8520 -ip 8520
1⤵
PID:5948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe

Filesize
468KB

MD5
d05b5049507248a9bf1c1a6d02bfd005

SHA1
ca9656d19e8e80d73b5fd36b268ab561b6fe8f8a

SHA256
b2a82f75f543cf73131a0e3dbcaa80310b2ffdfb1f487e8977c3a59006c37d9d

SHA512
44773fab762e24bef5849eb953deda59229be3e3f0d4306e4ec4c32d4734245aa7559ee7bc96ed33213e20bc27010695f913be60655c2686dc5ff7e892200e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe

Filesize
468KB

MD5
cfa45f38b3185180e1d0e30abe30883d

SHA1
0abceff3d351d0aa00aa590166ac2378a6a7dd67

SHA256
a5cc7e68fd361fc89a9a2bdd6bdb259a590e7217b8fa7f116ed624996509fbe5

SHA512
76b62a5a5525c8b303ef72ae7f56e042edb24de75a89972adc767ce46466e95bc6a5db88a86ee0a7329cf6069735a45d92693f710fd9c3d9fd3056e00b002c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe

Filesize
468KB

MD5
3a3b81e67b2ed28d6185268160138165

SHA1
dbb9bf3719386d445c8431845264d7927fa2ecaa

SHA256
af35a481823fa3f4e5fb9ee5af0f3072ac086c2004cbc9b9728ad7ab1a03e2ea

SHA512
d556ae95fd8ff0a2b7e3581a570b502c23836f5abbc620fdda9747e27715e6438ff0fea4652a9ebcf22e5993cf144f90bc286e446bf5440382b07410db094a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe

Filesize
468KB

MD5
18d07d0584489df535cd31c4833a529c

SHA1
e2896284187886bfd59c4198660c316684e0b8d9

SHA256
a829ae9efd32aef63eea83fe9dc0eff18c2bfb7e0bf42dba40e1d0cc84bb2650

SHA512
b885e28aff158cc1660c46665c3d9e4c84ec07143094f36e1a92a48d54e17ef4a977904930f1cb98deece27c142085234181a758bbe23213d042c502ffe40f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe

Filesize
468KB

MD5
020fbde663a14287af5d88eeb5032a84

SHA1
d4a4f60eb85a8a6f2027aaa19dd8b5784427577c

SHA256
4d24196b718304b9297e2ebd4304dc41ea6c0bacaf30355d7ba8cb39fa60e395

SHA512
72c1f2e5192a71a9a459125589a49b28e076842298929cffa9371345a6065374c86ac0b2a3b66555b14eab56d4b13a589956f8892842b358cce2087c502b3e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe

Filesize
468KB

MD5
614fbeb73f736519cacdedbd3303e1a0

SHA1
120ca774a99f555eccf6dce89a4e5f8c6071fa34

SHA256
c445b604512dc142352c2e2b71711bf715b42e0143ac377c0deba86a0aa3f549

SHA512
5ab925bfae39f14f71b59be2538989fa7b5215b8803eb872c5d88ef5a366f0fb9693ae0e63d7b1ebcfd73cdb685414cf0ec7a940930b7fcdc62b218a7889ffa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe

Filesize
468KB

MD5
203fe23cfe18f04e7b7f2453d38da1e8

SHA1
650149fec5dce63bdc6f430e18e146031aa0c27d

SHA256
5a478fd2686b6981aef0a80026b3713c098c942a99fce4af44ebcffd097acfa6

SHA512
50d54b3f074375c747ca4b71cd4c17fc7fa96afd7ecff5335aae8903a0c941bb5e7bf7b835b8a4402d51d25902def3f05fb9c8939100b900f57102effb9b6370

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe

Filesize
468KB

MD5
a15bb97d6a93e2b3f597ac0c99984e5d

SHA1
c464d2aef96d3c1e3998d0e5b42bd9ca96f99256

SHA256
769adf7a19bc0712be00aa5eff82b8c7987997db8a615b62cc00d257341d1525

SHA512
fc1ffbc26085020d06318480cbee822d06f19c8b3fce76b209351c4950d34b6de87e88bb9fcc3353ab114d62535656220009552353418e15f25d151fdaae8716

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe

Filesize
468KB

MD5
76714d1b3c9fd099ad47d5c6bd835270

SHA1
1b48a90e6b2093fa7a3f74bdcb31838221935d74

SHA256
e3081ce9a01bedfe2c62a860564f8ce40b46465e537a170835804c351084b613

SHA512
8ac303d588f05bf81eef81c569d660932afdb70843c70a3eb0d30a5342f5abbe64f35b14a5f198df0b16b3fbe48e1d7934d969a9ff8d2e1eba905db3683fba25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe

Filesize
468KB

MD5
9050f24bc3b621be0ceea5b7f77bc28a

SHA1
9aaa03de1b5bda86d92eff8f66870c7a3e5e6360

SHA256
536c32a334ed6f53df8be9011b41fd68660a8e91450a67da4dc6eeea54410f58

SHA512
a6693deb210446a0ca6a68b41222b8b8a266538fa3744ee892ee6d4a32774060b1eeead99847cd2ca28dbc735031d3e27523195257629e9ff409332c6d714a36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe

Filesize
468KB

MD5
e2779cc93502f6c30a45155e1db4d39b

SHA1
42f19ede533e8396e736b5602a8d6d29bcdcf0ab

SHA256
2078d2499ec00900d2c10b02fa29c9e8a01973cc3b23392d0889443de3f580c0

SHA512
160fe84065514b35bbf4fdbf699ef4dbf5e39563daae122d7dd37ff85427419c9102365804dc78c2310494bb5247c89ce4666b69b66423c8351468156365db00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe

Filesize
468KB

MD5
40cb71b9db6e136b036f80b97e730c5a

SHA1
206d33002acdae1d3b0fdae81afed4ef7410b7e7

SHA256
cd4bd1902ca904e8de38bcab38c4d88a285ba07a1ae5738153e7ca64fdd7d51d

SHA512
b4153822d989fd15a0912077b28e3e7864d216484ca224ca87bf528a6a5a200762f42bddaac4a43989f6ef0fbf166ba36313067d1fad510da4d05f3fe9549594

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe

Filesize
468KB

MD5
9c63e86d7fb65d0ba88fac7c92a8210d

SHA1
3038547bf61cbe88ca94ef448fd4da15f98964a5

SHA256
d399d6ae4def67a1c22f3239c61db4caa35c0abf6ac1ba32cf81acc323d5f295

SHA512
4eb4282b37dc7ef3e6e50205095ceaeac7f25416073e93b9ba5b25cd9c222c0c0533c7551b807eeeb2d341eb09ae070e082f533aa9f74fefa8c579548f127f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe

Filesize
468KB

MD5
3575e4999d35029e8b74fb23d262b895

SHA1
cc0e1ad03d7a349fd20b833618a25ca781493063

SHA256
9794fb1474db590c7a8d51f98d703f486cf6bcf6d1f71d2964e9fa3fe516486b

SHA512
fd648f79cf03fa941fe4bfecdc439954ced9713cad12f712ac283b034b72cc794a2e87f2473b27f1ad7ff9edf00c5d1a845c67501e388e2cd33cdcd91dd5dd63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe

Filesize
468KB

MD5
c3ecd9501ac788bb549b4751c92af38b

SHA1
2a4ab9ca33d8888f211aefb9dca9a8bf05280a22

SHA256
a320c7fdc4e0879f07e5e823e53654a7a49e3a7edbaedc0aea49a03e458ca195

SHA512
ce498c933b22eb21356ef5864d8494817b26c6f9307f966f6a2ae3780dde675aae73b76c2307b8be6e0692bf3ca06f9437944b90c56bb366eb5811093a7445dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe

Filesize
468KB

MD5
6b43a7ddad1856fe98f80d81a1592e36

SHA1
91a0ea253ef80a86b42d9d58f3e5367ae8da9c54

SHA256
eb60208eaae8b84e1b452ba37e6d3e27b4047791aa0fc264598d4fa9538fd455

SHA512
01bb643e3b9bdb7cac910554f2d62ca29403f9d21474fa6e6fe1a8cecbd346aa70955565483f1d935ebd97771bbe24df11112744e9e95a663776f8767233075d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe

Filesize
468KB

MD5
1bc3c38ba607fdd33ebf90fad3c0aad8

SHA1
ea052690b938484c2d47d0d22b9ffc897f1d5bc0

SHA256
08a3d0f41892b19c28df56772fc8c0f42e1dec1393f4a8f0d37f0efffdd74455

SHA512
45190ecc0c1b11007cf7af97a0676e0f6d33aec2ecc1fdf9ed172b841fd4415046a8b527338fae00cb85133febb4f4b057ae83851776a4ac516071d11b045f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe

Filesize
468KB

MD5
64eab06b55b71d9346a600205adf3370

SHA1
ee9853e972353f177cbf94f292c9a729536ba443

SHA256
478cde74b160f8c0ce0b510f4327f13645324cf5f550dc3d57d6ef1101f45f74

SHA512
227a44c217c9bdad852b0d13188c9ece515c0d1ed80373e9456e47e36eb6e730095cae3877819920f5a869a851be36e8491ea88289cacc1f782f87a06b9bbc5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe

Filesize
468KB

MD5
61a0b1e3866f50fb5f0274e06da0e31d

SHA1
edada913bca3909eaa5c349d7a29f0cdb5247fa0

SHA256
40335ffb10746a8aa2b0058ec69aa6828f0e03b307837d81bbd10a1de526e7dc

SHA512
d8af112a2dd106c67ddc58cabfae5750ad2088c8647c72fcc3e53b481ac9788a90cebceecba70050de389f363b202576cf360516754b4c240bb3fd4bed5209f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe

Filesize
468KB

MD5
8c09ed9bf9a4cddfdc5b5eb4f7d80a58

SHA1
d771b03b287fb774741bd2a2555ae0ac1b7eb35b

SHA256
62e54638135b4ac6ad7e187a580e5dd71fc5cb814be12a76221c8865ccda03d8

SHA512
f2d5c21d24584af79d3a8ea4a4c2765637a91489fcbc1aa64a861ec7b8115c301a2b6cdb5e1fdcd17e8219d069ac0092774901a4b82220ff17a07d5d59c13aaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe

Filesize
468KB

MD5
32bd348600a3b35b5cd37ae16d6d0e54

SHA1
17f009168757cc81b66a51418492e7c828a913a8

SHA256
0bdabc2f133846bce72fee213400bf2f69309acdcac3c1ff8ddb082f67ec8d48

SHA512
1bb7e49558e179e6503151448729205d3f07d0278484a718187a6e28a05baac95cca6ffff56e15d49dc2399a296f4efffe6024572114f4d71b6dcb49e9a43282

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe

Filesize
468KB

MD5
a885abe09d7dd3ccb3245ac4d38506d7

SHA1
f9bd0aa2ffaa9e8a45425adde082fd80be955de2

SHA256
9704f1bef7c5bf19db47a7d4db5ead93d53805167c507be9e4e4171100886061

SHA512
c3deea230141cceca7ae1db439ce33589e7e9efdddb886ac625455764c41cb12cd4ac33060c1e3326b6bfc780891addc0be53ac4a80853f93443ed75ca5dc886

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe

Filesize
468KB

MD5
c753620624a998e5c54730a2fc540381

SHA1
12a27c76e04a5dc6997a455600af0e7c396b1aab

SHA256
384d76a664fd09bb871b8ce7976f9a632404e1c7441efe551cb99dea093d0dcb

SHA512
a9c283178089faf8cc0413027481d0eb2098a4ec30783116bece1b0134a5e94d87d7da7b82c97bed1cbe405d502c97a631b23a385d4288ca17106c90f4f6b6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe

Filesize
468KB

MD5
bfa01168bf418d54c855b23fa61b9ed6

SHA1
ff00609663989be804ff26137a9347f5083d80da

SHA256
43871cbb65c71332354c7debe7373fc4f03eaa2809fb2ad384678569fd2d7328

SHA512
3ff0d678f04ec6c697d47673e08606fb2ee0dbf96e7d74ff4b9d4a3dae88a0d723f5c60e79edf67779e22ac79da3a1fa22dc086a90051a1140b8f1983a8d0282

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe

Filesize
468KB

MD5
a3733939ff527878b94d99002db18f78

SHA1
80141586cb3a9ba6d5b971cb48ecf44c1fd1faed

SHA256
6281331320c1b01a0f6152a0544acd0723468c9eb9acf4f5ab27801ae9f44885

SHA512
86c36829f55bfb3774bc06ad7e5428e61ae5b6b639fa4bba746a92cdf415dd660d06f9b8efff88efd88b5611bcb147502de334b7d11e1daf59a45145045252de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe

Filesize
468KB

MD5
e361175ee13bbd990f094f1deb3fa19b

SHA1
4c06b504b31235163b6a9b2da4990f6f48945561

SHA256
b5d1e15edb599032f25ac4e7a2dca0ca8d8646a6b6545fa8702bb00b4f69c500

SHA512
fdd85cc686ba4d78a5968969cf9eb5430a627ff2d4752084f5b133fcf6d96327786eb3708e5689f7e3536b404fbf61c93d87387a516db93b52598e9e4511e5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe

Filesize
468KB

MD5
1ad32a8a99abe10601a0307bc1852602

SHA1
f9f9f791e08f9a2196d7a3fb0d9fae05c735fc74

SHA256
c0beb198372514653f212e4f516321b3e9bc13e73a5387e6e3ef666973743645

SHA512
54cdff0da99ba60215b11933b7162f63f314b41bec38027276a4acc6daebea40c4be96cf55d718f9ec2762c3e9b09219f306ca843e00395e44c1785b4b3946eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe

Filesize
468KB

MD5
c6dc9a41ebe9954e607a571e20a79477

SHA1
103b6519853d4f6696f7c24b1b8d1790889f434b

SHA256
47fc77efbb1840599375dedbc1e8780810e34bdfb876ed2661e1d16e0c8eb099

SHA512
ea7d1dd7c320391cac9b31c57623af7a8e8fa42a9a0034e659ff3cbd9c0c808eb78fb210fb6876c85bceba9b6bf675b6b08722aad8e021b550c997a006c4cf19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe

Filesize
468KB

MD5
0d0424d87481cc6569cb6a705e9c8f97

SHA1
2baa5754cb77429855a29d814711a809be327b5b

SHA256
100db7150460af67e151ae16a50d3983183cefdb3af3a9cb3926660efab256bd

SHA512
e8d4f66ecb4130218c1ab4b270f2fbc1ebf843e05ab637ea1c1ba0914ddbdcbaba7d9c8689a48d44fa73259e2ec0f986e51663b337c94e4cc3579e002186fe87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe

Filesize
468KB

MD5
d6ee4bf75c9041aeff0e4aaa86132eaf

SHA1
5b948fa84cbc88d85452f1820dd4b162f7a01844

SHA256
9acfc238ddd32e70fd12e7abe48ee6f78aa66a540f03cdde497163942da8d34e

SHA512
a91f31e8b8107050037c21b314249e0640cb4781f2aa69e270cb2b9c66827b3120da9b88c9b199b977c9e94ff7b7580f13a445cb8fbfe748572f7d563549c37c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9079.exe

Filesize
468KB

MD5
adf1c81862729b15ea0a5ed231af7d9a

SHA1
80492e60c44a06b847ef99b3430fd2cac412d418

SHA256
0d5a8cdc05a655dcf94d677641f2d7df27ad2159da342c39c0ca4c4f2596e8e2

SHA512
2544518f760ceecabc5274d488023af0bc46dc081ec71ef8b225f0ec9ef8a0e08b379448ad8ef1fdb15d1a1a3ad54f803d223297fe523628ce95a564eee130f6

Download Submit
memory/3508-3052-0x0000000077AE0000-0x0000000077B04000-memory.dmp

Filesize
144KB

Download
memory/7108-2562-0x0000000075290000-0x00000000752B9000-memory.dmp

Filesize
164KB

Download
memory/8312-2599-0x00000000757E0000-0x000000007593D000-memory.dmp

Filesize
1.4MB

Download