9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ec

Analysis

max time kernel
119s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe
Size

468KB
MD5

6c639fffc6a61b6e1eca9e2724d6a200
SHA1

11e53efd7dcf1a9c5723f0c31abae72d179d9ace
SHA256

9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ec
SHA512

68eed0c1c860964a68454536c64e91376976eb0f8a58b55ed8a7b13cfed8e01b46e4c0fbc3bb210dd5e000cdffaffa17b9daa8abf23b7cf2689857c55722f1c4
SSDEEP

3072:UG3HogISIE5TtbY2HzcOcf8/vChaPkp2JVHeTVPuQXsy67ggEClP:UG3obMTtxH4OcfSoHIQX34ggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2292	Unicorn-57388.exe
2320	Unicorn-57004.exe
1636	Unicorn-21487.exe
4020	Unicorn-10053.exe
1432	Unicorn-53779.exe
1564	Unicorn-57993.exe
3680	Unicorn-51863.exe
3104	Unicorn-38907.exe
3888	Unicorn-40338.exe
3404	Unicorn-28217.exe
2760	Unicorn-37546.exe
2596	Unicorn-28025.exe
2880	Unicorn-59555.exe
4196	Unicorn-39954.exe
3200	Unicorn-42524.exe
3220	Unicorn-39871.exe
1272	Unicorn-26297.exe
516	Unicorn-36311.exe
3824	Unicorn-26105.exe
1372	Unicorn-26105.exe
1656	Unicorn-46032.exe
3624	Unicorn-95.exe
1260	Unicorn-45648.exe
1472	Unicorn-22841.exe
4904	Unicorn-25641.exe
5092	Unicorn-65513.exe
4792	Unicorn-65513.exe
3900	Unicorn-42924.exe
4856	Unicorn-7407.exe
3620	Unicorn-26396.exe
1936	Unicorn-29084.exe
4012	Unicorn-22953.exe
1364	Unicorn-61673.exe
4536	Unicorn-25279.exe
720	Unicorn-45145.exe
952	Unicorn-13707.exe
2004	Unicorn-13816.exe
2888	Unicorn-29888.exe
636	Unicorn-30153.exe
448	Unicorn-24022.exe
2256	Unicorn-13551.exe
2580	Unicorn-4408.exe
3204	Unicorn-53609.exe
1940	Unicorn-16146.exe
2232	Unicorn-43026.exe
2300	Unicorn-59562.exe
2416	Unicorn-62362.exe
792	Unicorn-48627.exe
5116	Unicorn-49696.exe
4604	Unicorn-30265.exe
4404	Unicorn-10207.exe
2124	Unicorn-62937.exe
4884	Unicorn-62937.exe
2276	Unicorn-46217.exe
4936	Unicorn-9823.exe
3484	Unicorn-23558.exe
2132	Unicorn-29424.exe
5028	Unicorn-41618.exe
3832	Unicorn-15849.exe
1820	Unicorn-44992.exe
4260	Unicorn-47945.exe
3188	Unicorn-44608.exe
4480	Unicorn-64473.exe
216	Unicorn-8950.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2428	3680	WerFault.exe	92
3520	3680	WerFault.exe	92
2164	2880	WerFault.exe	98
3240	2880	WerFault.exe	98
1696	3624	WerFault.exe	112
4808	3824	WerFault.exe	110
916	4196	WerFault.exe	99
2812	1372	WerFault.exe	111
2016	3624	WerFault.exe	112
1576	3824	WerFault.exe	110
5004	1372	WerFault.exe	111
1536	4196	WerFault.exe	99
3452	1936	WerFault.exe	127
2860	448	WerFault.exe	133
1792	5116	WerFault.exe	147
3296	1940	WerFault.exe	142
4524	2232	WerFault.exe	143
2880	2124	WerFault.exe	163
5980	5116	WerFault.exe	147
5280	4936	WerFault.exe	166
5240	3484	WerFault.exe	167
4340	1636	WerFault.exe	88
1940	2552	WerFault.exe	199
4304	2300	WerFault.exe	144
6696	1536	WerFault.exe	219
7156	1552	WerFault.exe	235
7464	2748	WerFault.exe	185
8008	2060	WerFault.exe	212
7424	5092	WerFault.exe	118
6120	4404	WerFault.exe	162
6980	4604	WerFault.exe	161
6296	5028	WerFault.exe	169
9940	5564	WerFault.exe	258
10148	4536	WerFault.exe	129
9956	4808	WerFault.exe	181
8040	5560	WerFault.exe	303
10112	1012	WerFault.exe	178
9868	5716	WerFault.exe	265
10416	1364	WerFault.exe	128
10408	6068	WerFault.exe	280
10400	3520	WerFault.exe	300
10392	952	WerFault.exe	131
10368	2328	WerFault.exe	326
10360	5836	WerFault.exe	299
10000	5132	WerFault.exe	244
2388	5964	WerFault.exe	274
6756	2164	WerFault.exe	237
3784	6628	WerFault.exe	435
9932	4568	WerFault.exe	242
10072	6236	WerFault.exe	405
8016	1592	WerFault.exe	426
9764	6852	WerFault.exe	432
9588	5124	WerFault.exe	442
6820	3044	WerFault.exe	307
9904	5476	WerFault.exe	256
10288	7596	WerFault.exe	461
10388	5320	WerFault.exe	323
10808	6728	WerFault.exe	490
11832	5528	WerFault.exe	524
11816	7172	WerFault.exe	495
548	6304	WerFault.exe	357
12176	5728	WerFault.exe	404
12024	7028	WerFault.exe	383
10992	6800	WerFault.exe	376

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12760.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe
2292	Unicorn-57388.exe
2320	Unicorn-57004.exe
1636	Unicorn-21487.exe
4020	Unicorn-10053.exe
1432	Unicorn-53779.exe
1564	Unicorn-57993.exe
3680	Unicorn-51863.exe
3104	Unicorn-38907.exe
3888	Unicorn-40338.exe
3404	Unicorn-28217.exe
2596	Unicorn-28025.exe
2880	Unicorn-59555.exe
2760	Unicorn-37546.exe
4196	Unicorn-39954.exe
3200	Unicorn-42524.exe
3220	Unicorn-39871.exe
1272	Unicorn-26297.exe
516	Unicorn-36311.exe
1372	Unicorn-26105.exe
1656	Unicorn-46032.exe
5092	Unicorn-65513.exe
4904	Unicorn-25641.exe
3824	Unicorn-26105.exe
3624	Unicorn-95.exe
1260	Unicorn-45648.exe
1472	Unicorn-22841.exe
4792	Unicorn-65513.exe
3900	Unicorn-42924.exe
4856	Unicorn-7407.exe
3620	Unicorn-26396.exe
1936	Unicorn-29084.exe
4012	Unicorn-22953.exe
1364	Unicorn-61673.exe
4536	Unicorn-25279.exe
720	Unicorn-45145.exe
952	Unicorn-13707.exe
2888	Unicorn-29888.exe
448	Unicorn-24022.exe
636	Unicorn-30153.exe
2256	Unicorn-13551.exe
2580	Unicorn-4408.exe
2004	Unicorn-13816.exe
3204	Unicorn-53609.exe
5116	Unicorn-49696.exe
2416	Unicorn-62362.exe
2300	Unicorn-59562.exe
2232	Unicorn-43026.exe
1940	Unicorn-16146.exe
792	Unicorn-48627.exe
4604	Unicorn-30265.exe
4404	Unicorn-10207.exe
4884	Unicorn-62937.exe
2124	Unicorn-62937.exe
2276	Unicorn-46217.exe
4936	Unicorn-9823.exe
3832	Unicorn-15849.exe
3484	Unicorn-23558.exe
2132	Unicorn-29424.exe
5028	Unicorn-41618.exe
1820	Unicorn-44992.exe
4480	Unicorn-64473.exe
4260	Unicorn-47945.exe
3188	Unicorn-44608.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2292	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	86
PID 2900 wrote to memory of 2292	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	86
PID 2900 wrote to memory of 2292	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	86
PID 2292 wrote to memory of 2320	2292	Unicorn-57388.exe	87
PID 2292 wrote to memory of 2320	2292	Unicorn-57388.exe	87
PID 2292 wrote to memory of 2320	2292	Unicorn-57388.exe	87
PID 2900 wrote to memory of 1636	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	88
PID 2900 wrote to memory of 1636	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	88
PID 2900 wrote to memory of 1636	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	88
PID 2320 wrote to memory of 4020	2320	Unicorn-57004.exe	89
PID 2320 wrote to memory of 4020	2320	Unicorn-57004.exe	89
PID 2320 wrote to memory of 4020	2320	Unicorn-57004.exe	89
PID 2292 wrote to memory of 1432	2292	Unicorn-57388.exe	90
PID 2292 wrote to memory of 1432	2292	Unicorn-57388.exe	90
PID 2292 wrote to memory of 1432	2292	Unicorn-57388.exe	90
PID 1636 wrote to memory of 1564	1636	Unicorn-21487.exe	91
PID 1636 wrote to memory of 1564	1636	Unicorn-21487.exe	91
PID 1636 wrote to memory of 1564	1636	Unicorn-21487.exe	91
PID 2900 wrote to memory of 3680	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	92
PID 2900 wrote to memory of 3680	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	92
PID 2900 wrote to memory of 3680	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	92
PID 4020 wrote to memory of 3104	4020	Unicorn-10053.exe	93
PID 4020 wrote to memory of 3104	4020	Unicorn-10053.exe	93
PID 4020 wrote to memory of 3104	4020	Unicorn-10053.exe	93
PID 2320 wrote to memory of 3888	2320	Unicorn-57004.exe	94
PID 2320 wrote to memory of 3888	2320	Unicorn-57004.exe	94
PID 2320 wrote to memory of 3888	2320	Unicorn-57004.exe	94
PID 1432 wrote to memory of 3404	1432	Unicorn-53779.exe	95
PID 1432 wrote to memory of 3404	1432	Unicorn-53779.exe	95
PID 1432 wrote to memory of 3404	1432	Unicorn-53779.exe	95
PID 2292 wrote to memory of 2760	2292	Unicorn-57388.exe	96
PID 2292 wrote to memory of 2760	2292	Unicorn-57388.exe	96
PID 2292 wrote to memory of 2760	2292	Unicorn-57388.exe	96
PID 1564 wrote to memory of 2596	1564	Unicorn-57993.exe	97
PID 1564 wrote to memory of 2596	1564	Unicorn-57993.exe	97
PID 1564 wrote to memory of 2596	1564	Unicorn-57993.exe	97
PID 2900 wrote to memory of 2880	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	98
PID 2900 wrote to memory of 2880	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	98
PID 2900 wrote to memory of 2880	2900	9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe	98
PID 1636 wrote to memory of 4196	1636	Unicorn-21487.exe	99
PID 1636 wrote to memory of 4196	1636	Unicorn-21487.exe	99
PID 1636 wrote to memory of 4196	1636	Unicorn-21487.exe	99
PID 3104 wrote to memory of 3200	3104	Unicorn-38907.exe	106
PID 3104 wrote to memory of 3200	3104	Unicorn-38907.exe	106
PID 3104 wrote to memory of 3200	3104	Unicorn-38907.exe	106
PID 4020 wrote to memory of 3220	4020	Unicorn-10053.exe	107
PID 4020 wrote to memory of 3220	4020	Unicorn-10053.exe	107
PID 4020 wrote to memory of 3220	4020	Unicorn-10053.exe	107
PID 3888 wrote to memory of 1272	3888	Unicorn-40338.exe	108
PID 3888 wrote to memory of 1272	3888	Unicorn-40338.exe	108
PID 3888 wrote to memory of 1272	3888	Unicorn-40338.exe	108
PID 2320 wrote to memory of 516	2320	Unicorn-57004.exe	109
PID 2320 wrote to memory of 516	2320	Unicorn-57004.exe	109
PID 2320 wrote to memory of 516	2320	Unicorn-57004.exe	109
PID 3404 wrote to memory of 1372	3404	Unicorn-28217.exe	111
PID 3404 wrote to memory of 1372	3404	Unicorn-28217.exe	111
PID 3404 wrote to memory of 1372	3404	Unicorn-28217.exe	111
PID 2760 wrote to memory of 3824	2760	Unicorn-37546.exe	110
PID 2760 wrote to memory of 3824	2760	Unicorn-37546.exe	110
PID 2760 wrote to memory of 3824	2760	Unicorn-37546.exe	110
PID 2292 wrote to memory of 3624	2292	Unicorn-57388.exe	112
PID 2292 wrote to memory of 3624	2292	Unicorn-57388.exe	112
PID 2292 wrote to memory of 3624	2292	Unicorn-57388.exe	112
PID 1432 wrote to memory of 1656	1432	Unicorn-53779.exe	113

C:\Users\Admin\AppData\Local\Temp\9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe
"C:\Users\Admin\AppData\Local\Temp\9d4da235c07c190b81cea0ec2dc687e93815de1d45b56902206302dcafcb72ecN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57004.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30265.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        11⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 628
        12⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 776
        10⤵
        Program crash
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        10⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 632
        11⤵
        Program crash
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        10⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
        11⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        10⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        10⤵
        
        PID:15088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 744
        9⤵
        Program crash
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        9⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        10⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        9⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        9⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        10⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
        9⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-972.exe
        9⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
        8⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 640
        9⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        8⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 724
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57017.exe
        9⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
        10⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 644
        11⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17340.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44100.exe
        10⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        10⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
        9⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        10⤵
        
        PID:14748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 800
        8⤵
        Program crash
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        9⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 632
        9⤵
        Program crash
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        8⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        9⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        10⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        9⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        8⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 744
        8⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        7⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 636
        8⤵
        Program crash
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1029.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        7⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 724
        7⤵
        Program crash
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        6⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9333.exe
        9⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        8⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 720
        7⤵
        Program crash
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        7⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 616
        8⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 740
        7⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33023.exe
        6⤵
        
        PID:3996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 720
        6⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 720
        8⤵
        Program crash
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 636
        7⤵
        Program crash
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        6⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
        8⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 636
        9⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 716
        8⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 720
        7⤵
        Program crash
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48285.exe
        7⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
        7⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 720
        8⤵
        Program crash
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
        8⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        9⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 608
        10⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        9⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        9⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        8⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        9⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        9⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38061.exe
        8⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        8⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        9⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61373.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        7⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 684
        7⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        6⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 616
        7⤵
        Program crash
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        6⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        9⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2860.exe
        8⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
        7⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 636
        7⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
        6⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 636
        7⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        6⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        6⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
        8⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 684
        7⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54089.exe
        8⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        8⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
        8⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        7⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        6⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        6⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3893.exe
        6⤵
        
        PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49314.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        8⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        7⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        6⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        7⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52820.exe
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37309.exe
        6⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
        5⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64175.exe
        6⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45716.exe
        5⤵
        
        PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 720
        7⤵
        Program crash
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28588.exe
        10⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        11⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
        11⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        11⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
        10⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        9⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 632
        10⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 636
        9⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        8⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        10⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 752
        9⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 660
        8⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6767.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        8⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 636
        9⤵
        Program crash
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 664
        8⤵
        Program crash
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 624
        7⤵
        Program crash
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
        9⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 640
        10⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        9⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        9⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 636
        10⤵
        
        PID:14024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 636
        10⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        9⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        8⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        8⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
        7⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 624
        8⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        8⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-531.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        7⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24278.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        9⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 648
        8⤵
        
        PID:13380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 632
        7⤵
        
        PID:13072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 720
        6⤵
        Program crash
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        8⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        9⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
        10⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        9⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 664
        8⤵
        Program crash
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 628
        8⤵
        Program crash
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        8⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        7⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        6⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        6⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
        6⤵
        
        PID:6820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 724
        6⤵
        Program crash
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
        6⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 636
        7⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
        6⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
        5⤵
        
        PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
        6⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19321.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24521.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        9⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60512.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        9⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 640
        10⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        9⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        9⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
        8⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15020.exe
        8⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31917.exe
        8⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 752
        7⤵
        Program crash
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        6⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        7⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43154.exe
        5⤵
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20114.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
        9⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        7⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
        6⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        7⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        7⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        6⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        6⤵
        
        PID:2224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 756
        6⤵
        Program crash
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        8⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 668
        7⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        6⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        5⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        6⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
        7⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
        6⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        6⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
        5⤵
        
        PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64940.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21433.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        6⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
        6⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64515.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        6⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
        7⤵
        
        PID:9476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 628
        6⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        5⤵
        
        PID:4556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 636
        6⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        5⤵
        
        PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54208.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
      4⤵
      PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19342.exe
      4⤵
      PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
        5⤵
        
        PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
      4⤵
      PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
      4⤵
      PID:14344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28217.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 636
        6⤵
        Program crash
        
        PID:2812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 636
        6⤵
        Program crash
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        6⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
        7⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 636
        8⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 744
        7⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        6⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
        6⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        7⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        6⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        6⤵
        
        PID:6716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 632
        6⤵
        Program crash
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 636
        6⤵
        Program crash
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26207.exe
        5⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
        9⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
        9⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        9⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        8⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20524.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        9⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
        9⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 664
        8⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55200.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        8⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23043.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
        6⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        7⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61945.exe
        7⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 632
        8⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9315.exe
        7⤵
        
        PID:14120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 756
        6⤵
        Program crash
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35356.exe
        6⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        9⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 636
        10⤵
        Program crash
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        9⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63814.exe
        10⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 644
        8⤵
        Program crash
        
        PID:10368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 644
        8⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
        8⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
        8⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 628
        7⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        5⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        7⤵
        
        PID:10048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 644
        6⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        5⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64006.exe
        6⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
        5⤵
        
        PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 644
        5⤵
        Program crash
        
        PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
      4⤵
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51005.exe
        8⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23228.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64454.exe
        8⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        5⤵
        
        PID:1592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 636
        6⤵
        Program crash
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        6⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        6⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
        5⤵
        
        PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        5⤵
        
        PID:6856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 720
        5⤵
        Program crash
        
        PID:10408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 720
        5⤵
        
        PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
      4⤵
      PID:6828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 624
        5⤵
        
        PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
      4⤵
      PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        5⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        5⤵
        
        PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
      4⤵
      PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
      4⤵
      PID:15280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 724
        5⤵
        Program crash
        
        PID:4808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 724
        5⤵
        Program crash
        
        PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 636
        5⤵
        Program crash
        
        PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3624
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 636
      4⤵
      Program crash
      PID:1696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 636
      4⤵
      Program crash
      PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
      4⤵
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        7⤵
        
        PID:12936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 736
        6⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
        6⤵
        
        PID:7428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 652
        6⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        5⤵
        
        PID:8248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 636
        6⤵
        
        PID:14008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 664
        5⤵
        
        PID:1976
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 660
      4⤵
      Program crash
      PID:4304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
      4⤵
      PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        5⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55401.exe
        6⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 640
        7⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        6⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
        6⤵
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
        5⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
        5⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        6⤵
        
        PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        6⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
        6⤵
        
        PID:12420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 728
        5⤵
        Program crash
        
        PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
      4⤵
      PID:4960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 636
        5⤵
        
        PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
      4⤵
      PID:10568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
    3⤵
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        7⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48534.exe
        6⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        7⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        6⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        5⤵
        
        PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
      4⤵
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
        5⤵
        
        PID:456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
      4⤵
      PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
      4⤵
      PID:12848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
    3⤵
    PID:8408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
    3⤵
    PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
      4⤵
      PID:10172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7972.exe
    3⤵
    PID:14756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        9⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
        10⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13995.exe
        11⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28316.exe
        11⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 648
        10⤵
        Program crash
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        10⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
        10⤵
        
        PID:13880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 716
        9⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        8⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        9⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
        8⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        7⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        6⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        9⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 692
        10⤵
        Program crash
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        9⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 660
        8⤵
        Program crash
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        7⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 720
        8⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 624
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7814.exe
        6⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        9⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26204.exe
        9⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        10⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 716
        8⤵
        Program crash
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        7⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 640
        8⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        8⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        7⤵
        
        PID:13908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 720
        6⤵
        Program crash
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 728
        6⤵
        Program crash
        
        PID:1792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 748
        6⤵
        Program crash
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
        6⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        7⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        5⤵
        
        PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        8⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 588
        7⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        6⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        7⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62009.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        8⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28905.exe
        9⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 720
        9⤵
        
        PID:13644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 640
        8⤵
        Program crash
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        7⤵
        
        PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
      4⤵
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
      4⤵
      PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        6⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        5⤵
        
        PID:14408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        6⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        9⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        9⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 664
        8⤵
        Program crash
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 768
        7⤵
        Program crash
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9730.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        9⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe
        9⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 652
        8⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        7⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 632
        8⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        7⤵
        
        PID:14388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
        6⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        6⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 632
        7⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30963.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        6⤵
        
        PID:13364
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 740
      4⤵
      Program crash
      PID:916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 740
      4⤵
      Program crash
      PID:1536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        6⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37711.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        7⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        6⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 636
        7⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        7⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        7⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        6⤵
        
        PID:12616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        6⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        5⤵
        
        PID:3836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 760
        5⤵
        Program crash
        
        PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        5⤵
        
        PID:6212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 664
        5⤵
        Program crash
        
        PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54064.exe
      4⤵
      PID:6236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 636
        5⤵
        Program crash
        
        PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
      4⤵
      PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
        5⤵
        
        PID:13460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35772.exe
      4⤵
      PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
      4⤵
      PID:15212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      4⤵
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
        6⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        6⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14421.exe
        8⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
        7⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62653.exe
        6⤵
        
        PID:10600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        6⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        5⤵
        
        PID:116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 632
        5⤵
        Program crash
        
        PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59808.exe
      4⤵
      PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
      4⤵
      PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        5⤵
        
        PID:1376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 636
        6⤵
        
        PID:11936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 624
        5⤵
        
        PID:10676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 624
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
      4⤵
      PID:8468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 724
        5⤵
        
        PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
      4⤵
      PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
      4⤵
      PID:14784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
    3⤵
    PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        5⤵
        
        PID:7592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 668
        5⤵
        
        PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
      4⤵
      PID:592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 628
        5⤵
        
        PID:11348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57351.exe
      4⤵
      PID:2656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 760
      4⤵
      PID:5488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 756
    3⤵
    - Program crash
    PID:4340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3680
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 720
    3⤵
    - Program crash
    PID:2428
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 720
    3⤵
    - Program crash
    PID:3520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2880
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 640
    3⤵
    - Program crash
    PID:2164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 672
    3⤵
    - Program crash
    PID:3240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
      4⤵
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        6⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        5⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        5⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        6⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        5⤵
        
        PID:11672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2232
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 636
    3⤵
    - Program crash
    PID:4524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 640
    3⤵
    - Program crash
    PID:1940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
  2⤵
  PID:3520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
    3⤵
    PID:3980
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 672
      4⤵
      PID:13384
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 632
    3⤵
    - Program crash
    PID:10400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25127.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25127.exe
  2⤵
  PID:7784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
    3⤵
    PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
      4⤵
      PID:1444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24325.exe
    3⤵
    PID:10556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe
  2⤵
  PID:8712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
    3⤵
    PID:13832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
  2⤵
  PID:11356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
  2⤵
  PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3680 -ip 3680
1⤵
PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3680 -ip 3680
1⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2880 -ip 2880
1⤵
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2880 -ip 2880
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3824 -ip 3824
1⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1372 -ip 1372
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3624 -ip 3624
1⤵
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4196 -ip 4196
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3624 -ip 3624
1⤵
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1372 -ip 1372
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 3824 -ip 3824
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4196 -ip 4196
1⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1936 -ip 1936
1⤵
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 448 -ip 448
1⤵
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5116 -ip 5116
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 1940 -ip 1940
1⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2232 -ip 2232
1⤵
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 792 -ip 792
1⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2596 -ip 2596
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1472 -ip 1472
1⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2760 -ip 2760
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4792 -ip 4792
1⤵
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1936 -ip 1936
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 792 -ip 792
1⤵
PID:836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2596 -ip 2596
1⤵
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1472 -ip 1472
1⤵
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2760 -ip 2760
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4792 -ip 4792
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4884 -ip 4884
1⤵
PID:832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2124 -ip 2124
1⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 448 -ip 448
1⤵
PID:208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4936 -ip 4936
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4884 -ip 4884
1⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3484 -ip 3484
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3620 -ip 3620
1⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4856 -ip 4856
1⤵
PID:368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3188 -ip 3188
1⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1272 -ip 1272
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1940 -ip 1940
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5116 -ip 5116
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1972 -ip 1972
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4856 -ip 4856
1⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3620 -ip 3620
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3188 -ip 3188
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1272 -ip 1272
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2232 -ip 2232
1⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2552 -ip 2552
1⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 592 -ip 592
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2888 -ip 2888
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 2580 -ip 2580
1⤵
PID:2388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3204 -ip 3204
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2300 -ip 2300
1⤵
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1636 -ip 1636
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1972 -ip 1972
1⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2012 -ip 2012
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2416 -ip 2416
1⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1536 -ip 1536
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 1208 -ip 1208
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4492 -ip 4492
1⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 2580 -ip 2580
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3204 -ip 3204
1⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 1252 -ip 1252
1⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2552 -ip 2552
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2300 -ip 2300
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2888 -ip 2888
1⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 592 -ip 592
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2124 -ip 2124
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1208 -ip 1208
1⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2012 -ip 2012
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 3088 -ip 3088
1⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 1536 -ip 1536
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4492 -ip 4492
1⤵
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2416 -ip 2416
1⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3484 -ip 3484
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4936 -ip 4936
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5440 -ip 5440
1⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 1552 -ip 1552
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5600 -ip 5600
1⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3088 -ip 3088
1⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6028 -ip 6028
1⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6140 -ip 6140
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6116 -ip 6116
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5876 -ip 5876
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1820 -ip 1820
1⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5440 -ip 5440
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5600 -ip 5600
1⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 1552 -ip 1552
1⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6048 -ip 6048
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6056 -ip 6056
1⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2748 -ip 2748
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 4996 -ip 4996
1⤵
PID:748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5404 -ip 5404
1⤵
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5876 -ip 5876
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5684 -ip 5684
1⤵
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 1820 -ip 1820
1⤵
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6140 -ip 6140
1⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5112 -ip 5112
1⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6116 -ip 6116
1⤵
PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6028 -ip 6028
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 3816 -ip 3816
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1636 -ip 1636
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2060 -ip 2060
1⤵
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5092 -ip 5092
1⤵
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 2748 -ip 2748
1⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6056 -ip 6056
1⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6048 -ip 6048
1⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 4996 -ip 4996
1⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5404 -ip 5404
1⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5684 -ip 5684
1⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5004 -ip 5004
1⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5636 -ip 5636
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5112 -ip 5112
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 3816 -ip 3816
1⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2060 -ip 2060
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4404 -ip 4404
1⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5004 -ip 5004
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4604 -ip 4604
1⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5028 -ip 5028
1⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5636 -ip 5636
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 4404 -ip 4404
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4604 -ip 4604
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5028 -ip 5028
1⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5092 -ip 5092
1⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2580 -ip 2580
1⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5680 -ip 5680
1⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6820 -ip 6820
1⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2388 -ip 2388
1⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5252 -ip 5252
1⤵
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6760 -ip 6760
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2224 -ip 2224
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 116 -ip 116
1⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6212 -ip 6212
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6208 -ip 6208
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6988 -ip 6988
1⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 592 -ip 592
1⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6268 -ip 6268
1⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 6344 -ip 6344
1⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7036 -ip 7036
1⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 3612 -ip 3612
1⤵
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6512 -ip 6512
1⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1700 -ip 1700
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 3228 -ip 3228
1⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 6636 -ip 6636
1⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6404 -ip 6404
1⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 7044 -ip 7044
1⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 6716 -ip 6716
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 3836 -ip 3836
1⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6224 -ip 6224
1⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 3980 -ip 3980
1⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 4944 -ip 4944
1⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 5980 -ip 5980
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6720 -ip 6720
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6856 -ip 6856
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6576 -ip 6576
1⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 3936 -ip 3936
1⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 7060 -ip 7060
1⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 6884 -ip 6884
1⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 7160 -ip 7160
1⤵
PID:676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6828 -ip 6828
1⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 5680 -ip 5680
1⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 6820 -ip 6820
1⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 2580 -ip 2580
1⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 5252 -ip 5252
1⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 2388 -ip 2388
1⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 2016 -ip 2016
1⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 1260 -ip 1260
1⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 5616 -ip 5616
1⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 5800 -ip 5800
1⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 2228 -ip 2228
1⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5756 -ip 5756
1⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5584 -ip 5584
1⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3220 -ip 3220
1⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 5564 -ip 5564
1⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 5476 -ip 5476
1⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 3044 -ip 3044
1⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 5124 -ip 5124
1⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6852 -ip 6852
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 1592 -ip 1592
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6236 -ip 6236
1⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 6628 -ip 6628
1⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 4568 -ip 4568
1⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2164 -ip 2164
1⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5964 -ip 5964
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 5132 -ip 5132
1⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 5716 -ip 5716
1⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 1012 -ip 1012
1⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 5560 -ip 5560
1⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4808 -ip 4808
1⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 4536 -ip 4536
1⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2224 -ip 2224
1⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 116 -ip 116
1⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6068 -ip 6068
1⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 3520 -ip 3520
1⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 1364 -ip 1364
1⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 952 -ip 952
1⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 5836 -ip 5836
1⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 2328 -ip 2328
1⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 1564 -ip 1564
1⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6760 -ip 6760
1⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 6212 -ip 6212
1⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 592 -ip 592
1⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 6208 -ip 6208
1⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 6988 -ip 6988
1⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6268 -ip 6268
1⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7036 -ip 7036
1⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6344 -ip 6344
1⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7596 -ip 7596
1⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 3612 -ip 3612
1⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5320 -ip 5320
1⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 1700 -ip 1700
1⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6728 -ip 6728
1⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 2760 -ip 2760
1⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7812 -ip 7812
1⤵
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 7776 -ip 7776
1⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6512 -ip 6512
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 3228 -ip 3228
1⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 1872 -ip 1872
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 6404 -ip 6404
1⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 6636 -ip 6636
1⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6716 -ip 6716
1⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 3836 -ip 3836
1⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 7172 -ip 7172
1⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1324 -p 7044 -ip 7044
1⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3980 -ip 3980
1⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 5980 -ip 5980
1⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6224 -ip 6224
1⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5528 -ip 5528
1⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6856 -ip 6856
1⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6720 -ip 6720
1⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4944 -ip 4944
1⤵
PID:13320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1144 -p 6304 -ip 6304
1⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6884 -ip 6884
1⤵
PID:13608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 6576 -ip 6576
1⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 6800 -ip 6800
1⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 7060 -ip 7060
1⤵
PID:13948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 7028 -ip 7028
1⤵
PID:14144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5728 -ip 5728
1⤵
PID:14288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 7160 -ip 7160
1⤵
PID:13592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 3936 -ip 3936
1⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6828 -ip 6828
1⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 2016 -ip 2016
1⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 1260 -ip 1260
1⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 5800 -ip 5800
1⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1392 -p 5616 -ip 5616
1⤵
PID:13892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 2228 -ip 2228
1⤵
PID:13772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5756 -ip 5756
1⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4556 -ip 4556
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7504 -ip 7504
1⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 7380 -ip 7380
1⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1472 -p 7360 -ip 7360
1⤵
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1476 -p 4920 -ip 4920
1⤵
PID:14568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1444 -p 7260 -ip 7260
1⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 3296 -ip 3296
1⤵
PID:14712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7484 -ip 7484
1⤵
PID:15032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 5584 -ip 5584
1⤵
PID:15236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 3220 -ip 3220
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1412 -p 7852 -ip 7852
1⤵
PID:14752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 1376 -ip 1376
1⤵
PID:14924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1424 -p 8456 -ip 8456
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 6276 -ip 6276
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5240 -ip 5240
1⤵
PID:14748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 836 -ip 836
1⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 2364 -ip 2364
1⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6424 -ip 6424
1⤵
PID:13876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5364 -ip 5364
1⤵
PID:14716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7292 -ip 7292
1⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 7132 -ip 7132
1⤵
PID:15324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6740 -ip 6740
1⤵
PID:15076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 3096 -ip 3096
1⤵
PID:13672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 4960 -ip 4960
1⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 7424 -ip 7424
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 5496 -ip 5496
1⤵
PID:15276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 7628 -ip 7628
1⤵
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1916 -ip 1916
1⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5704 -ip 5704
1⤵
PID:15332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 4140 -ip 4140
1⤵
PID:14748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 7440 -ip 7440
1⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 8468 -ip 8468
1⤵
PID:13772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1396 -p 8328 -ip 8328
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 8588 -ip 8588
1⤵
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe

Filesize
468KB

MD5
f33412a735b1a031a0e172eee14fc591

SHA1
20023bc0b9650bf22573cafbc51fd256df2a8a82

SHA256
4de0fde6b6c794c1c45d05a695ccdf04da749926a2af0d0b2bdbc4dbff0c3c87

SHA512
98b833734d5eea6d65be206b0b0dc01ab164313dc7172aedca0641deae52b2a86734600421fc9fddba1729b226f16bfa8515b877311c8c9629628cd3d95a5230

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe

Filesize
468KB

MD5
8403b7423db69e60bd4db0ea87733768

SHA1
16b2d869016c1931d3f84bf52e1df7ab753805e0

SHA256
1213e4df1f6a0028c9ee94160544fa11ba277bfba35ee2698b6da0b065980701

SHA512
e9c0293f78c9c7bc4b2881f405cee613e26c27975bedf9f85db696b94f8459ac02540540a86d9a8fd88f6e38fced97f99fd693e674839a4a306cae9136c82db2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe

Filesize
468KB

MD5
d3fa577663d074d45eb7d34192f6dab6

SHA1
04b366e14faa4d98495a37287d550d5b12b01659

SHA256
1b0fdcaf5d54e29db8bf7fdc6a4b627fe564fac7fb250ecea66d7ff2c0f90039

SHA512
12f106ba756c38516a822362bb4a2a1ea41b56f6b4e1bbceaad80c1db4678f28434f899f9208bc86613c08bbe86c0acab182f826747dc42260ad3d26012bb6d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe

Filesize
468KB

MD5
3b94412d0dfba61b8d76ee4f85214802

SHA1
2b9c351b702f3c604bd17c4e532ba6e19be6a8f6

SHA256
d0c4eba6c043af9740f61cbbb46bfb5f7d3a5c816b2243967ca9a293637fce21

SHA512
e43fc572723983a31292fc14ba3d516bda6477175c412a2591a857364766de895e4d685f840ca5abd8995a1c1b1f2c72c8c552e7d435352bbf690061adacc30a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe

Filesize
468KB

MD5
88d55b85832c7f68d693fb4f8643b280

SHA1
c54529e12334777164dd37273b7c35ce82c80dca

SHA256
94f570cb7ec385417614ecdb7ef1f4b544d7225a3b60bb1cdea94cf749ed14a1

SHA512
8f59790003d97a63c719b94f3cb9598b0f0d73788647568e28add823a8e4c52b5591f59a2ca1ba79c04baa8c8c5b5d29e0d0acc178426663c3ca6a3cfcc2e953

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe

Filesize
468KB

MD5
46324d94aea4a47140b34402bbb8f39b

SHA1
176a3bfea41c55a4a486844a11043889129102ce

SHA256
55553ff7ed90b109f6aac58c319479495e9387e24e847f3b54bdcd40785f5a60

SHA512
fec5c7568acee2f525012ae6937eb640fc4895a813f311bcc4e340fc7e24d97948d561b2d493b416cfc0df545e13fae22afb88e32a7f6eada3c1a070d9d4c64f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe

Filesize
468KB

MD5
afba6890e7ceef4270194dd2480377d2

SHA1
5f80df8c2d5dfefb912723907650ee063a81aaad

SHA256
41bc7f354f322085c8b59d3ea5d1a16ef44a21a24faeb0d772b9cc51b919dbc1

SHA512
51a532c92213202806a5a441888f8b71a0f9d25517f526721d068b9adf2ae022d5830075bad0ca2654483f43ec90bf6822ad8be7e9541b23a60208131cedbd66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe

Filesize
468KB

MD5
26031e389d355546197df15ad85be7ca

SHA1
4aa7ec61c2507e0b7730e6bbcf96f05fe4ebb0de

SHA256
d03e032724af08964d37a3fc6f2e312b8b20cb231d692959d651aeaf76d74d80

SHA512
306eabe302e5a8be8b8c949735b952b624416b98051a3e36ef23212750a8bfa2eadcf78d1cb2a01a523bc6455da83ce3c5009caf6320d754abc4ac70b877b62a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe

Filesize
468KB

MD5
74aa569cd44150e28428403aab4cc95e

SHA1
c4a95551622bf6b570f100b06ceda106eb8ffbbb

SHA256
28824d517334d8ced327360acce27010833297e8531eb9092691bc7d35d8bed7

SHA512
c84fe335bd109aa2d28dfae9c044d29ffc5ff4b5d46ecbcec27e16bdf205cbf144f739cb10db5ab5eee99bd585b2a298272cd063de9670340a19953569404b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28217.exe

Filesize
468KB

MD5
54249718a4404ed568eb0876b07170b5

SHA1
a3e703b1868546ad3c6157428dced31285b6042b

SHA256
845f8c5d633a923e3c62d4005f0a94c0e6462dc214ef01836d5bc81bb0a5743b

SHA512
2b5dafe08e78d232903496c67f47abc4ae10d999da606c6b8de058146903531d657d0bf29ab0498d632ebc5d9821bb80c4760cbd47c03709a3b7160df6c3e952

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe

Filesize
468KB

MD5
1809f7c43b95fb05b14325ff1d87b6f3

SHA1
dbdc09dff393f76602a7b1332dc853d819bae3c4

SHA256
527ce67c7d047ecf191adeedb2a8a997dc19423ad501b9be0d50961ac1931b85

SHA512
2dd772002457fb13bf19a965668c2d7a928c92f6844277be7b7105573f80d57e96749cb590f603974604e75b5a35a05a7b2d1149e645e9f0aef3eb2dd474cc28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe

Filesize
468KB

MD5
fd3082b3bba4a51769edde7fcd8e142c

SHA1
78f6d228e048d01f8fcae66f214dfecfcb3575e0

SHA256
c5ea0eb7e5d1fefd4862a921ea18ab5bd9f9a9c62639f345bd5eb57b97e24f99

SHA512
3456b449027577311231dfbb6650c18a79045663096efaf4d5202a9a8cc533688da8e99ff3412dfe2649f1d5617ad9198eb35128233e1416c0e4cf8ffb80d9ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe

Filesize
468KB

MD5
478d3e9349cce885054e1fbbe6d711ee

SHA1
f866d172eb66f08a9d0e4f3481d3b7a006481536

SHA256
b4790136b4be9f86d8724546d4ea92a5fd3d37bd770a279f730c43e857305f61

SHA512
637f25744d850f5df4fe0b33230b2388a92bf4b86be84bfb0f7c9bda66946c3f2bf663b081dbe7b93d1e2b280947fd2a23e6d989da9cfedf280d3a864d124a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe

Filesize
468KB

MD5
3b651881469192811dd3736bc18dcd72

SHA1
c961660a7c9436fe98e1a3715bb1b76ae7ed3445

SHA256
2c6758ed454ed1d542d4eab6a55c7fb377cc78883c54d5d85a06205843493a58

SHA512
4ea252bbb874385089c5081ddb9e9874f58de16f23b16cbec88502fade5a5eb2163b80ef8aa7706841d16f703aaa5a6411a639b24e9283ada15664a006505470

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe

Filesize
468KB

MD5
68891f4d28e389110e25a7f155b6d833

SHA1
4b9ff9abb0aab10053565ba8425cc39b22461b24

SHA256
6e2dadab33d38e3321c140fc099d1dc7834cc4018f6d540c9baa792c98b5952a

SHA512
b088fec9433d63968d0d371cbfaa17107f972cedd8c0350a3c7d4dbf1ac384d8247d58235fd27b8d98ebaedc01092b5ee25482d36d2e9b876f1712f0b6ce5153

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe

Filesize
468KB

MD5
ed2f032aeea6a682c2d66f5cbb811502

SHA1
4060494c42634c2ad8719f32bad2431b573e45ac

SHA256
2f746cc382244a2432a7549496d8b48fd5200f4bd7075f0bc4c7aa5c0d0aabf3

SHA512
30255430026ec6bc5ccce95da38bde58df2befb90482d7d559021e2aa450c840b33fd81a403d0388502a1e0cb86a54640db5977cab665d1446ba9cd0c026d549

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe

Filesize
468KB

MD5
640e0adf3d4e34a3df7b10df57f037ed

SHA1
60847abfb0c0cefee0714aa070cf1386e596554e

SHA256
6356f157b2ebe8552be0b28b4c00f317f2d08bf8a3f7373ae4470fbc8ac5466f

SHA512
7df9cb1636aebc3fe6b90d2b61a38910701c0c05c9406d8f615ed4b5f39ba45ab787478ba77c829be98b839fba9e79aa8aa4aa095b8f33de80b79c60ae11d2cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe

Filesize
468KB

MD5
a602a12ed3caabda645a5271bb0005ce

SHA1
b1e84f9363afbcdca20c891641e8bee1e7d1271d

SHA256
49a69a184da40242ef546b4818f6bb942f2cdc9bda45851f54dc9f2cb8e1a2b2

SHA512
3129ab6293bd531cbc36d005b6b1d7a90729ccab226d1135737114b43383583a556536e2f047085fdd19e4afa694e51d858e304a9ad74f60e2c05947d0938479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe

Filesize
468KB

MD5
88c48b4f4ba86f0783f24f2f208d849e

SHA1
5313b20a27ee565073ffc8f1052846d12d643bde

SHA256
db706d05342ee68283d07d3126070b17817f3096f38e99776cc66fccf57e4c72

SHA512
918b130c4d688e39bfd01706369a5a87e52865d529e0e160b8f59ceb24f25ca3fceda56b14e8c12495b0dbe7d9809d8f56be3cbaff80ba71fdf81b396d8b8e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe

Filesize
468KB

MD5
6d27dfd4ff8d58d46914eb698170af6c

SHA1
932b47c5a6da3cbfb94956b9b864c852633ca493

SHA256
f2b2f5f6a355aba768c7de91ed6b5910eee22922d2d7616e2c5672cee7ee0977

SHA512
a8880c773eda4332ee40764b0cc54f93e58b8f1d0f7a69476e3e5600c302e3eaf1811c5585b59aaffeaa9a2d7b470d45b213f6a4597023c4a12288e52342bfc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe

Filesize
468KB

MD5
53bb8c1cc4256f583bfef1ff68e97616

SHA1
aa60e5c7ccd682170a37fdf97d427c99dd336438

SHA256
3f4074b9d72decd6752e66c7655d683857f3109fdfad06d980d480869abca828

SHA512
3ef0f01aa8263537188c275c6fb6c96940bcf99c918c5cf809670a5fa4d5858bcd9a66a981e113ac5d18408cf5fae7c6820979925bc5d3d24660a518d85aa571

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe

Filesize
468KB

MD5
f696b62bd50b18bcf6322c7f9a25d1de

SHA1
c3f5073cd777524311c31bd895f4a93ed7637116

SHA256
cc7f5ba53280a6978928032b4b4a2808584a84fae2282f5cbc4a23efbf73fff1

SHA512
3fa2a3fb49d87a8b69705145a27a53fecee1762fed92b8e17444a51dc82eb90159090b87ff39a6f8a0ecbb6630f6348616622851851817fab7b04890b790b01f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe

Filesize
468KB

MD5
42787f5269918c909b92e080c4cf88ee

SHA1
bfefda0197f96dba1c0204fd51cdf13f6032c5f4

SHA256
ef74c6c72f58712f8a5d4da22cd5d0bc962c150f10800c2058de3f06f7129ae0

SHA512
767672fb4839ad167dbbd8e3d414f6d39ddb5eb72a2aeccc0664bc10c1a0d21a2a9784c85ea008c7887294a09f32a90d23d9e32dbeda63099c9b1d5b1c9e67f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe

Filesize
468KB

MD5
623641cbeb64d39366e520ef829b11c8

SHA1
2f3342ae6e8a965268eafa59726dbd7d120ec219

SHA256
b6cacf68fe3d5d44374919ebc97bfa4e04d6b1207de23f341f51554487ecde9f

SHA512
0f5a698795a58a8bf305a1404615f3ec39402e0a7750a4e74fa30542defcc281eae9b2f4c52b936dd55657d8b44523abed806097e173b83ad53887010f0b6a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57004.exe

Filesize
468KB

MD5
65ba8c0c61a27f7c35f575e9170519e1

SHA1
b2bceadcbe62419c1698001628fb68fe4c3f7787

SHA256
8d026fdd5d2869c1e8a53312bf775b87c3a87580e2ac49d009d62d6536d80155

SHA512
c08321b7afdaad62bf795a5ffe0ebe0e3baa1a141150a7e59f18808f9e6074162bc08b8d9b8b65ee98a0b82fa0fcfefa8425688d0f9371153d163e040893849d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe

Filesize
468KB

MD5
d1b22d80bc8d85651ac8d892d3f439d8

SHA1
dfad3cc8e6f51094713fc3ef201a085914e54e44

SHA256
cb21af6194d33fb88451c28d5f1bffc7c7afed3a4eeb2eb2c6b2a236caca274c

SHA512
70e1adee3f44bb177ed9b0ab0e8de83716381c2741b0a238189259210bce0c65c3824e450731f6b408df34dfe024457de67b8ec2691f5f7bf650e927d14b759f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe

Filesize
468KB

MD5
b10c6479f3c9212fd350208b0b18c80d

SHA1
32cf9f4eae00be23c3530c28a34ef24b7f4282d6

SHA256
5a1d21c9de9e7fb0a77233b29d42ba07ca36339a1fd188b6d6dcbcde5a98e9f0

SHA512
ddbaea8bf7ad542e3be5f3114f56a6a731e777a6b1f324d43b8b03e0edc418668fac7a1fc69cc78870826a7174b53c47441a8438eaa91fba137d1f9b1cd922ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe

Filesize
468KB

MD5
b5b5a72a707e098d9ebe0a1c20a420f0

SHA1
687eff815df9bc280f5154690e2ff725abc5bc04

SHA256
f13ee4134bdb82e70a39077bdb1b289b9016aa5daba1a438db414022cb5a8e72

SHA512
95d458a270802a5784bfc6ec477b0099b0efe64238ca6328140acb6d3ae8ff3079c156d7cb0f6cc05f45ee6e3fe9529ee1467ce14a2382ed873a0a547e438ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe

Filesize
468KB

MD5
bb9c7386a809bf61348f96311fabbf64

SHA1
0b30577dbf7d8f0dab0a1a602a06f187757df716

SHA256
0efea94167d68a9125c0f9d865158ad70506d970273f0a4d0f16602f588d1ba6

SHA512
232c2da6937736153453c81391a42264024dd2317a7d3fc98d3df121d1726a9bf7ea86bd5e01144e4efe82ba61e4e2f9724316077e2c88dfa5b489b831fc711a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe

Filesize
468KB

MD5
cf218dd3bb62948d6e0a8dc1a93e9deb

SHA1
580d103fb5e590336bd7bc79a4b9563b998d52b3

SHA256
c1ef59eb471fc48a8382a87ee23acac099d3fe2f81cebdd5f8ad6d6412a1da3b

SHA512
9b6e8157c915c5c834ec717d61cb932f2e223e18145a20baa02b7909b3613e9a428cc0d3ff541b7f728cd524fab1deaa7f4850f3dcf6d3fa843af99dee2a8819

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe

Filesize
468KB

MD5
2460d8a085895f0586015b19c9df2840

SHA1
2cefd8081310010d1a9dc69d5f9c70eea03c6c77

SHA256
035b07ff884e31add5a2ac488a91fc75b94007507942efa272a0f10d103c48f7

SHA512
d01dc0f6644dbd772eaa97dfa6372cd0133600d7adc7df0c3864dbcb631aaffa401622676537df35c2e84013edcbda0eb3b75b7f9f6415f8e0fb85bba9253a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe

Filesize
468KB

MD5
f3430fa374c06d9de0b828a2647d03a8

SHA1
d5e018838032055c39ab0067a6a8f5960943e1b4

SHA256
042f561bc09f54d2adce8f8e16b4da095493d997e5956ecd758e0ee7dba8a021

SHA512
595ab345c012d314c0e72587d4a73c98a951a88d82d6f8a02fdb32c4e15c2bf220559f0c72d52fd640e2e62ec8633bb0a5b835b3fd67d9db6edfb828257b51be

Download Submit
memory/14036-2617-0x0000000077460000-0x000000007746A000-memory.dmp

Filesize
40KB

Download