be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 03:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe
Size

468KB
MD5

653419b230d4549ddc4d6376d136e360
SHA1

4bc442118a214bbc5901ee2fb11ca46b6d51dc3c
SHA256

be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154
SHA512

597c3599b83559b6242c4b2d6c81a88a372e9d2cda6d32d0a433f4f4238bf2b06eb326fecd09265a3923df98e8d6b61376b09d4e0df9137646ff76eeaaa87832
SSDEEP

3072:dG3sogIKIE5ltIYZHuMfcf+/4ChaP0pGJVHMTVPH/4YFHf/g9Slh:dGcoDMltPHnfcf9YJ9/4s//g9

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4024	Unicorn-36500.exe
3892	Unicorn-36900.exe
1996	Unicorn-32493.exe
2964	Unicorn-56516.exe
708	Unicorn-3594.exe
1928	Unicorn-38919.exe
2268	Unicorn-801.exe
1240	Unicorn-21540.exe
260	Unicorn-3942.exe
1492	Unicorn-4746.exe
2620	Unicorn-13956.exe
440	Unicorn-1290.exe
696	Unicorn-21156.exe
2340	Unicorn-16749.exe
1908	Unicorn-57863.exe
1432	Unicorn-25684.exe
3572	Unicorn-37613.exe
3676	Unicorn-25300.exe
3988	Unicorn-31771.exe
3736	Unicorn-23105.exe
1020	Unicorn-32036.exe
2624	Unicorn-12170.exe
4524	Unicorn-47495.exe
484	Unicorn-10717.exe
1576	Unicorn-24452.exe
3928	Unicorn-9747.exe
1860	Unicorn-56654.exe
2296	Unicorn-11667.exe
2692	Unicorn-45959.exe
5076	Unicorn-8797.exe
2784	Unicorn-6689.exe
4064	Unicorn-51652.exe
1600	Unicorn-18596.exe
744	Unicorn-34055.exe
828	Unicorn-42138.exe
2960	Unicorn-12353.exe
4260	Unicorn-1418.exe
1916	Unicorn-50427.exe
4936	Unicorn-4490.exe
2308	Unicorn-64162.exe
4168	Unicorn-64162.exe
1968	Unicorn-13219.exe
4440	Unicorn-9498.exe
64	Unicorn-14070.exe
1804	Unicorn-56949.exe
4472	Unicorn-13302.exe
2216	Unicorn-58590.exe
4296	Unicorn-16676.exe
2596	Unicorn-60894.exe
3484	Unicorn-16292.exe
2932	Unicorn-9777.exe
4840	Unicorn-48315.exe
3060	Unicorn-31367.exe
3140	Unicorn-65383.exe
956	Unicorn-15991.exe
2544	Unicorn-15991.exe
960	Unicorn-4890.exe
3460	Unicorn-7158.exe
2580	Unicorn-52830.exe
1228	Unicorn-8227.exe
4012	Unicorn-31962.exe
4756	Unicorn-24756.exe
1792	Unicorn-1713.exe
3196	Unicorn-50914.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2028	708	WerFault.exe	97
1412	708	WerFault.exe	97
2160	1492	WerFault.exe	105
4420	2340	WerFault.exe	109
3296	1996	WerFault.exe	93
1532	1492	WerFault.exe	105
1120	2340	WerFault.exe	109
1968	1996	WerFault.exe	93
3408	3736	WerFault.exe	119
5060	4524	WerFault.exe	122
4600	1576	WerFault.exe	124
956	1020	WerFault.exe	120
4820	1576	WerFault.exe	124
4196	1020	WerFault.exe	120
4768	3736	WerFault.exe	119
3356	4524	WerFault.exe	122
1348	2960	WerFault.exe	150
1020	484	WerFault.exe	123
5132	4936	WerFault.exe	154
3312	2308	WerFault.exe	155
6036	3060	WerFault.exe	182
1976	2544	WerFault.exe	186
5664	1456	WerFault.exe	197
484	4064	WerFault.exe	142
1484	3676	WerFault.exe	116
4340	4416	WerFault.exe	216
6524	6024	WerFault.exe
5616	4936	WerFault.exe	154
7340	5212	WerFault.exe	317
7324	6640	WerFault.exe	325
6560	3948	WerFault.exe	207
8860	5332	WerFault.exe	224
9960	1928	WerFault.exe	98
9952	4472	WerFault.exe	176
9944	5532	WerFault.exe	233
9936	5956	WerFault.exe	432
8300	6732	WerFault.exe	368
5448	6896	WerFault.exe	379
9928	6872	WerFault.exe	436
9688	6636	WerFault.exe	411
9680	6480	WerFault.exe	371
9648	6848	WerFault.exe	410
5620	1804	WerFault.exe	175
8580	5360	WerFault.exe	226
10384	6968	WerFault.exe	335
10876	7724	WerFault.exe	451
11048	6076	WerFault.exe	422
11040	6660	WerFault.exe	404
11032	6940	WerFault.exe	416
11024	6484	WerFault.exe	431
11016	5664	WerFault.exe	419
11008	64	WerFault.exe	417
11000	6424	WerFault.exe	412
10376	3828	WerFault.exe	382
8936	6172	WerFault.exe	383
9320	7136	WerFault.exe	418
8236	5888	WerFault.exe	421
9540	6620	WerFault.exe	400
10132	6992	WerFault.exe	385
9028	1240	WerFault.exe	365
8636	1592	WerFault.exe	423
7328	3152	WerFault.exe	261
10252	7956	WerFault.exe	503
1716	7736	WerFault.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58388.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe
4024	Unicorn-36500.exe
3892	Unicorn-36900.exe
1996	Unicorn-32493.exe
708	Unicorn-3594.exe
2964	Unicorn-56516.exe
2268	Unicorn-801.exe
1928	Unicorn-38919.exe
1240	Unicorn-21540.exe
260	Unicorn-3942.exe
2620	Unicorn-13956.exe
1492	Unicorn-4746.exe
440	Unicorn-1290.exe
696	Unicorn-21156.exe
2340	Unicorn-16749.exe
1908	Unicorn-57863.exe
1432	Unicorn-25684.exe
3572	Unicorn-37613.exe
3676	Unicorn-25300.exe
4524	Unicorn-47495.exe
1020	Unicorn-32036.exe
1576	Unicorn-24452.exe
3988	Unicorn-31771.exe
3736	Unicorn-23105.exe
484	Unicorn-10717.exe
2624	Unicorn-12170.exe
3928	Unicorn-9747.exe
1860	Unicorn-56654.exe
2296	Unicorn-11667.exe
2692	Unicorn-45959.exe
5076	Unicorn-8797.exe
2784	Unicorn-6689.exe
1600	Unicorn-18596.exe
4064	Unicorn-51652.exe
744	Unicorn-34055.exe
828	Unicorn-42138.exe
2960	Unicorn-12353.exe
1916	Unicorn-50427.exe
4168	Unicorn-64162.exe
2308	Unicorn-64162.exe
4936	Unicorn-4490.exe
4260	Unicorn-1418.exe
1968	Unicorn-13219.exe
4440	Unicorn-9498.exe
64	Unicorn-14070.exe
4472	Unicorn-13302.exe
1804	Unicorn-56949.exe
2216	Unicorn-58590.exe
4296	Unicorn-16676.exe
2596	Unicorn-60894.exe
3484	Unicorn-16292.exe
2932	Unicorn-9777.exe
3060	Unicorn-31367.exe
4840	Unicorn-48315.exe
956	Unicorn-15991.exe
2544	Unicorn-15991.exe
3140	Unicorn-65383.exe
960	Unicorn-4890.exe
4756	Unicorn-24756.exe
1228	Unicorn-8227.exe
4012	Unicorn-31962.exe
3460	Unicorn-7158.exe
3456	Unicorn-48644.exe
1792	Unicorn-1713.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 4024	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	89
PID 2304 wrote to memory of 4024	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	89
PID 2304 wrote to memory of 4024	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	89
PID 4024 wrote to memory of 3892	4024	Unicorn-36500.exe	92
PID 4024 wrote to memory of 3892	4024	Unicorn-36500.exe	92
PID 4024 wrote to memory of 3892	4024	Unicorn-36500.exe	92
PID 2304 wrote to memory of 1996	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	93
PID 2304 wrote to memory of 1996	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	93
PID 2304 wrote to memory of 1996	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	93
PID 3892 wrote to memory of 2964	3892	Unicorn-36900.exe	95
PID 3892 wrote to memory of 2964	3892	Unicorn-36900.exe	95
PID 3892 wrote to memory of 2964	3892	Unicorn-36900.exe	95
PID 4024 wrote to memory of 708	4024	Unicorn-36500.exe	97
PID 4024 wrote to memory of 708	4024	Unicorn-36500.exe	97
PID 4024 wrote to memory of 708	4024	Unicorn-36500.exe	97
PID 1996 wrote to memory of 1928	1996	Unicorn-32493.exe	98
PID 1996 wrote to memory of 1928	1996	Unicorn-32493.exe	98
PID 1996 wrote to memory of 1928	1996	Unicorn-32493.exe	98
PID 2304 wrote to memory of 2268	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	99
PID 2304 wrote to memory of 2268	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	99
PID 2304 wrote to memory of 2268	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	99
PID 2268 wrote to memory of 1240	2268	Unicorn-801.exe	101
PID 2268 wrote to memory of 1240	2268	Unicorn-801.exe	101
PID 2268 wrote to memory of 1240	2268	Unicorn-801.exe	101
PID 2964 wrote to memory of 260	2964	Unicorn-56516.exe	104
PID 2964 wrote to memory of 260	2964	Unicorn-56516.exe	104
PID 2964 wrote to memory of 260	2964	Unicorn-56516.exe	104
PID 2304 wrote to memory of 1492	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	105
PID 2304 wrote to memory of 1492	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	105
PID 2304 wrote to memory of 1492	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	105
PID 4024 wrote to memory of 2620	4024	Unicorn-36500.exe	106
PID 4024 wrote to memory of 2620	4024	Unicorn-36500.exe	106
PID 4024 wrote to memory of 2620	4024	Unicorn-36500.exe	106
PID 3892 wrote to memory of 440	3892	Unicorn-36900.exe	108
PID 3892 wrote to memory of 440	3892	Unicorn-36900.exe	108
PID 3892 wrote to memory of 440	3892	Unicorn-36900.exe	108
PID 1928 wrote to memory of 696	1928	Unicorn-38919.exe	107
PID 1928 wrote to memory of 696	1928	Unicorn-38919.exe	107
PID 1928 wrote to memory of 696	1928	Unicorn-38919.exe	107
PID 1996 wrote to memory of 2340	1996	Unicorn-32493.exe	109
PID 1996 wrote to memory of 2340	1996	Unicorn-32493.exe	109
PID 1996 wrote to memory of 2340	1996	Unicorn-32493.exe	109
PID 260 wrote to memory of 1908	260	Unicorn-3942.exe	113
PID 260 wrote to memory of 1908	260	Unicorn-3942.exe	113
PID 260 wrote to memory of 1908	260	Unicorn-3942.exe	113
PID 2620 wrote to memory of 1432	2620	Unicorn-13956.exe	114
PID 2620 wrote to memory of 1432	2620	Unicorn-13956.exe	114
PID 2620 wrote to memory of 1432	2620	Unicorn-13956.exe	114
PID 2964 wrote to memory of 3572	2964	Unicorn-56516.exe	115
PID 2964 wrote to memory of 3572	2964	Unicorn-56516.exe	115
PID 2964 wrote to memory of 3572	2964	Unicorn-56516.exe	115
PID 1240 wrote to memory of 3676	1240	Unicorn-21540.exe	116
PID 1240 wrote to memory of 3676	1240	Unicorn-21540.exe	116
PID 1240 wrote to memory of 3676	1240	Unicorn-21540.exe	116
PID 2304 wrote to memory of 3736	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	119
PID 2304 wrote to memory of 3736	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	119
PID 2304 wrote to memory of 3736	2304	be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe	119
PID 4024 wrote to memory of 3988	4024	Unicorn-36500.exe	118
PID 4024 wrote to memory of 3988	4024	Unicorn-36500.exe	118
PID 4024 wrote to memory of 3988	4024	Unicorn-36500.exe	118
PID 2268 wrote to memory of 2624	2268	Unicorn-801.exe	121
PID 2268 wrote to memory of 2624	2268	Unicorn-801.exe	121
PID 2268 wrote to memory of 2624	2268	Unicorn-801.exe	121
PID 440 wrote to memory of 1020	440	Unicorn-1290.exe	120

C:\Users\Admin\AppData\Local\Temp\be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe
"C:\Users\Admin\AppData\Local\Temp\be83e6b604981a92aaaf20f4a19135ded3e6a59e50a93ee86a5bb20515bc8154.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25908.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1222.exe
        10⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 720
        10⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 720
        10⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        9⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 720
        9⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        8⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        11⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        12⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        12⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 716
        11⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        10⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 648
        11⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 648
        11⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
        10⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        10⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        9⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        10⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46443.exe
        10⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        9⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 664
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4582.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 632
        9⤵
        Program crash
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        9⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 744
        9⤵
        Program crash
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        8⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        8⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
        8⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45818.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55772.exe
        7⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        7⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        9⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
        10⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 660
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        9⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19015.exe
        10⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        9⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28916.exe
        9⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61748.exe
        9⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        10⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
        10⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 624
        9⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        8⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        9⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 636
        10⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        9⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        9⤵
        
        PID:14188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 652
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        9⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
        9⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        8⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 636
        9⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe
        7⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 636
        8⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 636
        8⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        8⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        7⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        8⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 660
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
        7⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 636
        8⤵
        Program crash
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 760
        7⤵
        Program crash
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        6⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 724
        7⤵
        Program crash
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        9⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        9⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        7⤵
        
        PID:732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 732 -s 636
        8⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22747.exe
        7⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
        6⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 636
        7⤵
        Program crash
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
        6⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
        6⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        8⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 628
        9⤵
        Program crash
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        9⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        10⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 632
        9⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        8⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        9⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        8⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
        8⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 644
        10⤵
        Program crash
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 636
        9⤵
        Program crash
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 628
        8⤵
        Program crash
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48932.exe
        8⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26388.exe
        9⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 636
        10⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 636
        10⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        9⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe
        10⤵
        
        PID:13328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 660
        9⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe
        8⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 744
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        7⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        9⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
        10⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16653.exe
        10⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        9⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        10⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 692
        9⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe
        8⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        9⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 668
        8⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 668
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 636
        8⤵
        Program crash
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 740
        7⤵
        Program crash
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7363.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        8⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        9⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
        8⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        8⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
        8⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45326.exe
        7⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        6⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 636
        7⤵
        Program crash
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe
        6⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 636
        7⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28933.exe
        6⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 640
        7⤵
        Program crash
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
        7⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        8⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        9⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
        9⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        8⤵
        
        PID:13432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 680
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56501.exe
        7⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        6⤵
        
        PID:13828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
        9⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        8⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        8⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        7⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 636
        8⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        7⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21204.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        6⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        6⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
        5⤵
        
        PID:3460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 636
        6⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        5⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
        6⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43117.exe
        5⤵
        
        PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 640
        6⤵
        Program crash
        
        PID:956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 640
        6⤵
        Program crash
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        6⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 636
        7⤵
        Program crash
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        6⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        7⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        6⤵
        
        PID:9792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 644
        6⤵
        
        PID:12848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 644
        6⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
        5⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
        7⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 644
        8⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        8⤵
        
        PID:14916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 756
        7⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        6⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 636
        7⤵
        Program crash
        
        PID:10252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 656
        6⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 636
        6⤵
        Program crash
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-621.exe
        5⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61479.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        5⤵
        
        PID:4828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 780
        5⤵
        
        PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 632
        5⤵
        Program crash
        
        PID:4600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 632
        5⤵
        Program crash
        
        PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 644
        5⤵
        Program crash
        
        PID:5132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 664
        5⤵
        Program crash
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
      4⤵
      PID:1456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 636
        5⤵
        Program crash
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
      4⤵
      PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
      4⤵
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
      4⤵
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        5⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        5⤵
        
        PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
      4⤵
      PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-877.exe
      4⤵
      PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
      4⤵
      PID:14536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:708
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 720
      4⤵
      Program crash
      PID:2028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 720
      4⤵
      Program crash
      PID:1412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        10⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        10⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        9⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
        9⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        9⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        9⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36695.exe
        10⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        9⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        9⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        9⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        8⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        8⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
        9⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        10⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        10⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 636
        9⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        8⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 724
        8⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        8⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        9⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 636
        8⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 756
        7⤵
        Program crash
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        8⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        7⤵
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        6⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        7⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        6⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        7⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25501.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
        6⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        6⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58692.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35015.exe
        9⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        9⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 672
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        8⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 656
        8⤵
        
        PID:15148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 668
        7⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        6⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 636
        7⤵
        Program crash
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        6⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 636
        7⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        6⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        7⤵
        
        PID:14744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 724
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24183.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        8⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 668
        8⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
        7⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 760
        7⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        6⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 644
        7⤵
        Program crash
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        6⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 724
        7⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
        6⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        7⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        7⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 636
        8⤵
        Program crash
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        7⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 636
        8⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        7⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
        7⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28893.exe
        6⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 628
        7⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        6⤵
        
        PID:9580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 708
        6⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17412.exe
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        6⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        7⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        6⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe
        6⤵
        
        PID:9604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 672
        6⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        5⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        5⤵
        
        PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        6⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41156.exe
        7⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 632
        8⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        8⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        7⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43106.exe
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        8⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        7⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        6⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
        7⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        6⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33146.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3155.exe
        6⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11142.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        6⤵
        
        PID:64
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 636
        7⤵
        Program crash
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        7⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        7⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        6⤵
        
        PID:9616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 676
        6⤵
        
        PID:10624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
        6⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52958.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
        6⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        5⤵
        
        PID:6940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 636
        6⤵
        Program crash
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        5⤵
        
        PID:5200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 632
        6⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48546.exe
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6477.exe
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        5⤵
        
        PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe
        6⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        8⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49822.exe
        8⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 652
        7⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 652
        7⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        7⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
        8⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 648
        7⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        6⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 636
        7⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23131.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        6⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 636
        6⤵
        Program crash
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49173.exe
        5⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe
        6⤵
        
        PID:3104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 660
        5⤵
        
        PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 644
        6⤵
        Program crash
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        5⤵
        
        PID:4944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 632
        5⤵
        
        PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 640
        5⤵
        Program crash
        
        PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18086.exe
      4⤵
      PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
        5⤵
        
        PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
      4⤵
      PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        5⤵
        
        PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
      4⤵
      PID:8284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 716
        6⤵
        Program crash
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        9⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        8⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
        8⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        8⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
        7⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
        7⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        8⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 648
        7⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 648
        7⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
        7⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 636
        8⤵
        
        PID:13628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 636
        7⤵
        
        PID:5092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 744
        6⤵
        Program crash
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
        6⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27069.exe
        7⤵
        
        PID:8396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 636
        6⤵
        Program crash
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
        6⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17796.exe
        7⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
        6⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        6⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22150.exe
        5⤵
        
        PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        6⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58094.exe
        6⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 636
        7⤵
        
        PID:12856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
        6⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
        6⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        6⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 628
        7⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 628
        7⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        6⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59943.exe
        7⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34561.exe
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
        6⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        5⤵
        
        PID:7592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 636
        6⤵
        
        PID:5452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 636
        6⤵
        
        PID:5492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 740
        5⤵
        
        PID:4272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 740
        5⤵
        
        PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
        5⤵
        
        PID:6732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 636
        6⤵
        Program crash
        
        PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        5⤵
        
        PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
      4⤵
      PID:11300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 728
      4⤵
      Program crash
      PID:1348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64164.exe
      4⤵
      PID:6024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 640
        5⤵
        Program crash
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
      4⤵
      PID:6896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 636
        5⤵
        Program crash
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        5⤵
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
      4⤵
      PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        5⤵
        
        PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51653.exe
      4⤵
      PID:10508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
      4⤵
      PID:14196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
    3⤵
    PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30276.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51182.exe
      4⤵
      PID:7232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 636
        5⤵
        
        PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
      4⤵
      PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
        5⤵
        
        PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
      4⤵
      PID:12112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
    3⤵
    PID:5880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14562.exe
    3⤵
    PID:8120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3674.exe
      4⤵
      PID:14140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
    3⤵
    PID:9744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
    3⤵
    PID:9184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
    3⤵
    PID:15080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38919.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 720
        6⤵
        Program crash
        
        PID:5060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 720
        6⤵
        Program crash
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47877.exe
        6⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 636
        7⤵
        Program crash
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        7⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        6⤵
        
        PID:9500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 772
        6⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1713.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41131.exe
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        5⤵
        
        PID:6172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 636
        6⤵
        Program crash
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        6⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
        5⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        8⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        9⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 636
        10⤵
        Program crash
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
        9⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 640
        10⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56805.exe
        9⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        10⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        9⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        9⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        10⤵
        
        PID:13708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 636
        9⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        9⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        8⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
        9⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
        9⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        9⤵
        
        PID:13748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 716
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        8⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 640
        9⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        8⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40594.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        7⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        6⤵
        
        PID:5640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 668
        6⤵
        Program crash
        
        PID:484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 648
        5⤵
        Program crash
        
        PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 644
        5⤵
        Program crash
        
        PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49783.exe
        5⤵
        
        PID:6620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 636
        6⤵
        Program crash
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        6⤵
        
        PID:11836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        6⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        5⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
        6⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
        5⤵
        
        PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
      4⤵
      PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        5⤵
        
        PID:11444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 744
      4⤵
      Program crash
      PID:9960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2340
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 724
      4⤵
      Program crash
      PID:4420
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 724
      4⤵
      Program crash
      PID:1120
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 728
    3⤵
    - Program crash
    PID:3296
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 748
    3⤵
    - Program crash
    PID:1968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        8⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 628
        9⤵
        Program crash
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        8⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 636
        9⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 636
        9⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
        8⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
        9⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52228.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
        8⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        7⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        9⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
        9⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        9⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        8⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        9⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        8⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 668
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        7⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 648
        8⤵
        Program crash
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 648
        8⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        7⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        8⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        7⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 788
        7⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        8⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        8⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12884.exe
        8⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        8⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
        7⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        8⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
        7⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        6⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 636
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37703.exe
        6⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        5⤵
        Executes dropped EXE
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        6⤵
        
        PID:5276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 616
        5⤵
        Program crash
        
        PID:1484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
      4⤵
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        5⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        6⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        7⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
        6⤵
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        5⤵
        
        PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 640
        5⤵
        Program crash
        
        PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
      4⤵
      PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe
        5⤵
        
        PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26769.exe
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
      4⤵
      PID:13896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1492
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 644
    3⤵
    - Program crash
    PID:2160
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 644
    3⤵
    - Program crash
    PID:1532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 640
    3⤵
    - Program crash
    PID:3408
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 640
    3⤵
    - Program crash
    PID:4768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48644.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
  2⤵
  PID:4720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
  2⤵
  PID:2260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
    3⤵
    PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35700.exe
      4⤵
      PID:11452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
      4⤵
      PID:13280
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 664
    3⤵
    PID:10640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
  2⤵
  PID:1484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 616
    3⤵
    PID:15280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
  2⤵
  PID:9752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49118.exe
  2⤵
  PID:1172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63510.exe
  2⤵
  PID:15100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 708 -ip 708
1⤵
PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 708 -ip 708
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1492 -ip 1492
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2340 -ip 2340
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1996 -ip 1996
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2340 -ip 2340
1⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1492 -ip 1492
1⤵
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1996 -ip 1996
1⤵
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3736 -ip 3736
1⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1576 -ip 1576
1⤵
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1020 -ip 1020
1⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4524 -ip 4524
1⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2624 -ip 2624
1⤵
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1240 -ip 1240
1⤵
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2624 -ip 2624
1⤵
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1240 -ip 1240
1⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3736 -ip 3736
1⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1020 -ip 1020
1⤵
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1576 -ip 1576
1⤵
PID:212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4524 -ip 4524
1⤵
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2960 -ip 2960
1⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4936 -ip 4936
1⤵
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2308 -ip 2308
1⤵
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 484 -ip 484
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1916 -ip 1916
1⤵
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2268 -ip 2268
1⤵
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1916 -ip 1916
1⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2268 -ip 2268
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2596 -ip 2596
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 4840 -ip 4840
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3060 -ip 3060
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2544 -ip 2544
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2596 -ip 2596
1⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4840 -ip 4840
1⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2960 -ip 2960
1⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2544 -ip 2544
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 1456 -ip 1456
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3456 -ip 3456
1⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4936 -ip 4936
1⤵
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3456 -ip 3456
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 484 -ip 484
1⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1980 -ip 1980
1⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 1324 -ip 1324
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2308 -ip 2308
1⤵
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3832 -ip 3832
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1592 -ip 1592
1⤵
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4416 -ip 4416
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5280 -ip 5280
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1324 -ip 1324
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5256 -ip 5256
1⤵
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1980 -ip 1980
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3832 -ip 3832
1⤵
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1592 -ip 1592
1⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5640 -ip 5640
1⤵
PID:1148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5748 -ip 5748
1⤵
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 828 -ip 828
1⤵
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 3060 -ip 3060
1⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 64 -ip 64
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4440 -ip 4440
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5280 -ip 5280
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5256 -ip 5256
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3928 -ip 3928
1⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3676 -ip 3676
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4440 -ip 4440
1⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5748 -ip 5748
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 64 -ip 64
1⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 828 -ip 828
1⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5640 -ip 5640
1⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5076 -ip 5076
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4064 -ip 4064
1⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3928 -ip 3928
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3676 -ip 3676
1⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5076 -ip 5076
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5624 -ip 5624
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6024 -ip 6024
1⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1456 -ip 1456
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5244 -ip 5244
1⤵
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5472 -ip 5472
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5276 -ip 5276
1⤵
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5652 -ip 5652
1⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5952 -ip 5952
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4720 -ip 4720
1⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5148 -ip 5148
1⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5200 -ip 5200
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5968 -ip 5968
1⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5624 -ip 5624
1⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5856 -ip 5856
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4416 -ip 4416
1⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 3296 -ip 3296
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5244 -ip 5244
1⤵
PID:1396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5456 -ip 5456
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5472 -ip 5472
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5952 -ip 5952
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3408 -ip 3408
1⤵
PID:1160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5652 -ip 5652
1⤵
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 1408 -ip 1408
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 2580 -ip 2580
1⤵
PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1000 -ip 1000
1⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 3460 -ip 3460
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4756 -ip 4756
1⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1792 -ip 1792
1⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3948 -ip 3948
1⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5276 -ip 5276
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4720 -ip 4720
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5200 -ip 5200
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5148 -ip 5148
1⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1132 -ip 1132
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5968 -ip 5968
1⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 3296 -ip 3296
1⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5212 -ip 5212
1⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5856 -ip 5856
1⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2084 -ip 2084
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5388 -ip 5388
1⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5456 -ip 5456
1⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3884 -ip 3884
1⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 3408 -ip 3408
1⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 2580 -ip 2580
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1408 -ip 1408
1⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1000 -ip 1000
1⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3460 -ip 3460
1⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6640 -ip 6640
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4756 -ip 4756
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6880 -ip 6880
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5228 -ip 5228
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 4900 -ip 4900
1⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6040 -ip 6040
1⤵
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1792 -ip 1792
1⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3948 -ip 3948
1⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1132 -ip 1132
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3152 -ip 3152
1⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5688 -ip 5688
1⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5212 -ip 5212
1⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2084 -ip 2084
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5388 -ip 5388
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3884 -ip 3884
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6640 -ip 6640
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6880 -ip 6880
1⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5228 -ip 5228
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4900 -ip 4900
1⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6040 -ip 6040
1⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5672 -ip 5672
1⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5448 -ip 5448
1⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3152 -ip 3152
1⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5688 -ip 5688
1⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4064 -ip 4064
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6024 -ip 6024
1⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5132 -ip 5132
1⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4736 -ip 4736
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5724 -ip 5724
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5964 -ip 5964
1⤵
PID:900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6360 -ip 6360
1⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1228 -ip 1228
1⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7144 -ip 7144
1⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6724 -ip 6724
1⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6820 -ip 6820
1⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6420 -ip 6420
1⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3644 -ip 3644
1⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5672 -ip 5672
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6920 -ip 6920
1⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6752 -ip 6752
1⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6780 -ip 6780
1⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1240 -ip 1240
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1592 -ip 1592
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5332 -ip 5332
1⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1804 -ip 1804
1⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5360 -ip 5360
1⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5448 -ip 5448
1⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5132 -ip 5132
1⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4736 -ip 4736
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6848 -ip 6848
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6636 -ip 6636
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6480 -ip 6480
1⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5724 -ip 5724
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 6360 -ip 6360
1⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6872 -ip 6872
1⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5956 -ip 5956
1⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5532 -ip 5532
1⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 4472 -ip 4472
1⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 1928 -ip 1928
1⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5964 -ip 5964
1⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6896 -ip 6896
1⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6732 -ip 6732
1⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6724 -ip 6724
1⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 1228 -ip 1228
1⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 5880 -ip 5880
1⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6932 -ip 6932
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 4940 -ip 4940
1⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6172 -ip 6172
1⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6992 -ip 6992
1⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 3828 -ip 3828
1⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5888 -ip 5888
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 7136 -ip 7136
1⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6620 -ip 6620
1⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6968 -ip 6968
1⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 6820 -ip 6820
1⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 7144 -ip 7144
1⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6420 -ip 6420
1⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 3644 -ip 3644
1⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6752 -ip 6752
1⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7724 -ip 7724
1⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6920 -ip 6920
1⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6424 -ip 6424
1⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 64 -ip 64
1⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5664 -ip 5664
1⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6484 -ip 6484
1⤵
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 6940 -ip 6940
1⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6660 -ip 6660
1⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6076 -ip 6076
1⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6780 -ip 6780
1⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 960 -ip 960
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 7736 -ip 7736
1⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 7956 -ip 7956
1⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 7992 -ip 7992
1⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4036 -ip 4036
1⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 7232 -ip 7232
1⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 640 -ip 640
1⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5824 -ip 5824
1⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 5692 -ip 5692
1⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5300 -ip 5300
1⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2676 -ip 2676
1⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5260 -ip 5260
1⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5912 -ip 5912
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4888 -ip 4888
1⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 7488 -ip 7488
1⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 2260 -ip 2260
1⤵
PID:1176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6328 -ip 6328
1⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5404 -ip 5404
1⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 8108 -ip 8108
1⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7580 -ip 7580
1⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5880 -ip 5880
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6932 -ip 6932
1⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 4940 -ip 4940
1⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 2736 -ip 2736
1⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2128 -ip 2128
1⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7592 -ip 7592
1⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 732 -ip 732
1⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6764 -ip 6764
1⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1324 -ip 1324
1⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6948 -ip 6948
1⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 1968 -ip 1968
1⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4440 -ip 4440
1⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 8188 -ip 8188
1⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 7200 -ip 7200
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 7668 -ip 7668
1⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 664 -ip 664
1⤵
PID:1396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6788 -ip 6788
1⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 8160 -ip 8160
1⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 832 -ip 832
1⤵
PID:14792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6396 -ip 6396
1⤵
PID:14828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5256 -ip 5256
1⤵
PID:14928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 7568 -ip 7568
1⤵
PID:15036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5372 -ip 5372
1⤵
PID:15148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1480 -ip 1480
1⤵
PID:15312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6404 -ip 6404
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3196 -ip 3196
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5704 -ip 5704
1⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5820 -ip 5820
1⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5892 -ip 5892
1⤵
PID:14740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 5416 -ip 5416
1⤵
PID:14756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 1160 -ip 1160
1⤵
PID:14708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 1280 -ip 1280
1⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4260 -ip 4260
1⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5340 -ip 5340
1⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 2216 -ip 2216
1⤵
PID:14872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5740 -ip 5740
1⤵
PID:14900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 440 -ip 440
1⤵
PID:14956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4048 -ip 4048
1⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7656 -ip 7656
1⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 1136 -ip 1136
1⤵
PID:13996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe

Filesize
468KB

MD5
a92e7e9092d43b946a78e36c96cdc8ca

SHA1
eaac7f6506ed4a60d137e964a96d089c2f8c9b73

SHA256
9c1c8f044363e60c769fff611baef23947b89a40582951163ccacd3bf4be9375

SHA512
ac9a7c42b7d8a6d112bad1b5517635dbc221eba613dced6d4ce38c949d7217754c8f85794483eb0ccb58975c6404508f38c781b9335a83dbc0b31bcdcda87f47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe

Filesize
468KB

MD5
5151ab39e6a836d880b649dc3bbb5855

SHA1
72ae6bc0637c43c7d80f13d9861bd7362b5f8e07

SHA256
4eba1601f0727996b98fb46244973e8ad3651a207981da2d032d2834cec497c3

SHA512
5c8aaf6bfa52758e103e83756203228331f68c601d324f636f9dabcd54613435c64f48d8f15a41092de3a848f1b7fcd8cedcda3198f82ec0368a9b48eb3a44b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe

Filesize
468KB

MD5
06228ad8b4d2444a8e5e89b561ee59c8

SHA1
706624429c311606799b8353615a9f529d397077

SHA256
af890fc7aa7db715f42c2a0fcf24acac3ba979fa0e27cf1f44ad17223a495843

SHA512
58b4a89e5f3e9d8ca57aed31df336e0c2c8038bc5740ff84636d5e42a5813f24b5c21743099b67fc0c9f23b01c8fa8b74ec85a8d861ac74aa4f4a43821ea3a14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe

Filesize
468KB

MD5
01a5f7e30ddf5438f041b67643337647

SHA1
a16401c7fb09ae21ebe8d9b35c8be55fe87a534c

SHA256
483bcfcea512c709a92d61ee6d5490210a48695ea7698b8cd43bff1d2154bc49

SHA512
b8bfadbca893cb11f49386169f3d650cb473fc84ef702078782a9626243f493d7d06e4f7d8f99d41b3a53961cccc6043562267758a3aa184fa15998ab8e0ff9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe

Filesize
468KB

MD5
372099d292492cfb2da3414a630d67b0

SHA1
f343be0422bf9be5d6db4fea700c9a800ff2fbf9

SHA256
3131d451e077770eb9a01fc550b7684881980c6f288c6f228bec8acfe7c2d93a

SHA512
99d6a3fab05618e1bc2fa616bd20845ccf451e680b65a16162fb038a5604023d8b3ce472ca2eba54d5faf661a78bdba1bbfe630d912b225c8803c4816ce37ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe

Filesize
468KB

MD5
5455b6c9f62c9c04bf2cc2ba721c8a29

SHA1
641b6703fea93bccbbbdb99f52cbbff5d10b7176

SHA256
d2f00a7fbcb7757cd7580ba5e17bf61d7be55f309b1ef3c87b20118818c78098

SHA512
99e351d8e22157bf76c84d267ce48b4652c4f16b8c531ae46e89b322bd4da6100d78ade2455809c468a2a0527816b8652953ae433037ff34bdf7a0fb4d0ff263

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe

Filesize
468KB

MD5
cd1669788eba53d1db0f58af57949c22

SHA1
f524990f6bf787759dc370f2be42c6995ee6cf52

SHA256
f4cb0b7d55d059086254b5800106afc0138a88120a554f76d070c56d566d485b

SHA512
dd6363659c96c157ec62284b0e66d61fcef0265d96a2ed109e55bc928e58d9583e45b71eaf1b44e4addd8f268303658e9490c898f5f9b970b599bfb2f74cf378

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe

Filesize
468KB

MD5
88b085d39bac4922c99338eb8aa0c5a7

SHA1
daf0776b467c3e22a13369db278634a4e3cb8f6a

SHA256
c502bb67ede0d5f3a3ad026d20ccfa84e5b73433d01b8c3a8f2f94fa163eef5a

SHA512
1912c5787f6c095a29b30f8f0bb36ede49814055b398323a1d60f545548d79c44c44af12e46f7e40956be6e99a87e0a5ca398a2beade7f1a4e89005b7bec3d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe

Filesize
468KB

MD5
d9a865537a1bf6db38dd0e6a07c0aedc

SHA1
da13471867d3f548067725494b95a02093ec6596

SHA256
edbfbc43f1a225659ccb4393e2b35fba626d11e89e7c5a8e371d84e96a808b7a

SHA512
de50b3fff476120ece6b5e2bf5f1359a3dd6448f6022d04f7164ca0406ab36712d1e261637c01acd61b0db3c6f6e82bef1fb83b0a231cbee5fc9bb80725353c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe

Filesize
468KB

MD5
86603188b8429f464b36457cb8a55f53

SHA1
8eceddc23612ca02b3c3ecbf642f9279143d2b78

SHA256
69cad848a80b8368f0af0d0b38a099d922d569790ca37b10e0dadac274bbfd5d

SHA512
597018b009f672e43a4364c185cc468c77bfef39e74a48a7ecabd4498680112cde749e8013e93aa58dd0b8fdbe717ed8daac381ec1c4fc038ac448707f92748f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe

Filesize
468KB

MD5
c23b6c530c0a959fa335acaa8eeb3bad

SHA1
0bbf17f78d743ae02a7490bfad256ce340f79b43

SHA256
dd8b420c6ff6a974756880d700ed6c80cfb6cf39cc1ba81a0fa2c00a0f60d215

SHA512
50bb7e97978f5ba129e17cd067e868d37dfb746d2c7c2f66986d57c183f0d471101453df63ed81437a85a53ec1b063a84c44137d9ac4d39e9c60709c0527c711

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe

Filesize
468KB

MD5
acd71bbbecdc0344365aaad921ecc8af

SHA1
23334f1eadecc0a2304e2f7f8c4420bde15b63b8

SHA256
ed4a595cabc1e9b90c8e0c4e5220a78a9ec63f60277faefcb2dc1bd84406037e

SHA512
1fe976bfead8477be25176b6a1e92f41d790572947aae9e35c05f6ee8b51e1426bca4b0437b1e4c20d0db9c16c3fe828067a7ec24e87fb44c34bc901c660216b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe

Filesize
468KB

MD5
5f7bd309d5b4b36b551f57cd6bdb50c1

SHA1
239896a9118684f0350f5df218121612b6648bb5

SHA256
df2d1064b733b084108ef1a6303b7a100043c92cf4be8118a2d9991302153f6f

SHA512
a504752ed8afefd982f9b9a125a0dced7aa4aadfcbfcdfd72411cda0c0b95d08035833c1c37edceb8e3cc94b817f2337407bf6ca30666c286c0be6c1b5d24ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe

Filesize
468KB

MD5
4497ace8b3458d6860ea23bfc64d5882

SHA1
d0dc287c291375b8a9807995cf749a14da44a60e

SHA256
154ad7d5624cbdfbb775c67dde61db8bd4f833d712901160c2bb5c59977703ed

SHA512
b69479f1e0c0711c07bbc4ebd8e030a77d4d7f20cce5d3f4a005d30281a6a5d6d36d2e56971bac7ab16ef5e0df5a437340a571a74da62101da81611d10e866b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe

Filesize
468KB

MD5
28981930fbc87492aa1f82174bba3889

SHA1
883000c7a3bb444f2dd72c72b6beadfa7df8ec5d

SHA256
cdd1dcfec26ed59e121d7d9d569a713ab21397e6928fd143f12beac959ae0e1c

SHA512
c9350e6952e066a9c90751bcdddc7763888a1cc604e7938fb2bd880609f441f4a63b506875aa011028760001a42a3289b70ed470d8828aeab5418f44e7a9ee50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe

Filesize
468KB

MD5
9a573767a6b26d0513f480c0bf1fad75

SHA1
fea43c6b3780f25bd64b05fbd273d4e446710efb

SHA256
4f4a38331db2dbd91553c6690d1e87417c3287e9bba77f6bce4044a0e67d30f9

SHA512
65740e5b199bbfa33809ab015781aad66487bcddc87b8bdcf82a4d654e9bb05ccd5114539ef73fc460ea849f10f81aba4995806c0b7925adb873dc8037387e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe

Filesize
468KB

MD5
6857ba7052a2051d10944410ff8aed92

SHA1
ad695a48279c6838ccff74f05f65bf343ac04d63

SHA256
f8bbbc77dfdfc90f3a5206040dbcdf843075c34a0a48ce8ad90b058a172435d2

SHA512
0eab151981edad4ee68064f1d125f0964eeb83c6031583c8b7fb1f470f7567c837d729e57fdd24482fd5d732fc66e9678320a216a107ccf5af59eb8bdcf7ea78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe

Filesize
468KB

MD5
c1cc3b367647b3d03b6600b0b1b5ba4b

SHA1
890448985df61edb2bc5bf62a62d02de0f1f2785

SHA256
5ba803d25685a7f6ef584b017e423ab9aea1022c09df94997ae845fa3a2fec7a

SHA512
1ec505d5d2c50e175cf2c7c6b8fc4e334ba543e39b448cf350d1ae2d705d628ab1d542aa6e691260227b637794bbca301b525bb117764e93dec763120e9a8835

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe

Filesize
468KB

MD5
43adf327c79ba033838fe8edbbf0a605

SHA1
736fc5c177f07cb57f10e614cff7bdb238bb63b7

SHA256
fce4d99fcb048ce6e4eb0e5886ee5471cd908cc567e047517241a4f8163be4f5

SHA512
5b06aec5bd4146cb71f841df3ef71cadad2de2e927a0369ac3c30bee80c0f99a1f0929c463568b9ef59a6ecbf1cb668bfb9327580c6717bd00e6c67d2d3c87c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe

Filesize
468KB

MD5
f340a6baa177174454600a3adf37ebde

SHA1
7f57f00e62898f46de0186b99bed6ca9602e7cf6

SHA256
0296d8ed361923309e4eb0901cfb80c4c0147a55dfde5ed9500ffd1c74356374

SHA512
e0ef2fc374cca773f5674fb01aea2329b7973a2c10fff3c0a04d78006a15617ccb7893363644a5ff7d3b41f58187e975ea5553a3b1b0c3c2db32b582f0d30866

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe

Filesize
468KB

MD5
40f545345c4913fb187817792c55f896

SHA1
bd2f7638d90f8652ae09d0ba4b6861d89cf49a81

SHA256
2840a813eb840772f38a47756c949d4bf379dc498308d1e021242b4942870ad5

SHA512
f4a52bb7e5b33db2df31b985d6024eb0ad95f3019d8773c97405ee5a070a2bf9d0b51f5bc80789d71e4497fbbb0131e85451008f9b80deeb521d06b8dff1e8d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38919.exe

Filesize
468KB

MD5
d7e3bc0c314f57c42b8462de624ab86b

SHA1
33ce5766e3707e0e779055b18f826c41b3da9739

SHA256
d70482e9a80fcd227411339f4c520b225a9f118a1eca447b75a2d3862e0df064

SHA512
e5b13b3210c9799159143cfa35a201d80eb5e499d786b036907ff0cca0418d50f0a88b2027983130e23382920890828c541eace548ec0fdfdfe340be83ef2827

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe

Filesize
468KB

MD5
ea79ee94369fc198de2040ce4c36ba61

SHA1
9355103708857a8f88b9bc40ccb85ddbdf21a9a2

SHA256
bd2f96dba51a15aa0d884b206de4830c2c35a74337ede07cf625b96c56adc202

SHA512
eab9156712dee34545b91e1d4d5788231fbeb5a0becc73fc812883dee6f7578f13d92cba8b03884ce7343ee6cf09e6043cf0c2fc6a01412583de3ba31f0b12b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe

Filesize
468KB

MD5
30e86a9da758bef2279c0134bc3b6bf5

SHA1
acca1a55021ed224d4650eb429d33bf2d7c8dfc2

SHA256
4229f4a193a7d301bb4ad25d0c6860759bb70f6f71847916ac4b455d8dff6ade

SHA512
98a2c5c4a74760faafe523421d90f840621abc8b49e7bdbb17765f8c72022dc8a9fa0e15426987c0da79215e1ea2a53e3d37d5dc5535cdedda2d34e3068d164e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe

Filesize
468KB

MD5
7b09d6f308355d8f800558a7deb1e5bf

SHA1
4589fda32de555e463eb78e4331f327366b08bf7

SHA256
6aba40f123e68395cc381b87ff21e858ea42ca3cfc8d4dc78462ddfd0518e7c5

SHA512
a66ddfeca44f85b92b3b0969caa3a8824e7f5dc47d7646a53d9d54f682090b7473dec3c3c735b3c09006b559ded2e01a31e40e27621f97ef42d6e5c70f3611c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe

Filesize
468KB

MD5
ab59ca1284dd6c26ba6449087805b801

SHA1
c86f09ddd969c5237ce4bea3c4ec55bb26e52782

SHA256
ca34b51dba4b6daffbd779967175dee92abad255fc0545e0722e27129be0e7bc

SHA512
76d8120cd2401bbc7a60441e9bce97dc262e83bfc33b09bf1ac065c625fcf92d3c937aa24119ec2e572e8f3f517d37b9859faf59c97ba95cecf586c65d606082

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe

Filesize
468KB

MD5
5ccfe29ad27af42d8245952e5c2af5a1

SHA1
f92cda44997a466bc011db7c68a606a0b576b7db

SHA256
d4ac3d80439a9ba42f3fd7c0f83fb78fadce38373a0b31dc728ac8d09b35b1e0

SHA512
d7e9b609287ce23eb42a6cf69ec866ee3092b2098933d2f524fde685b299c3dad3252331a1dedfb045a08f0f40b8ac752569a63b205b34677c852e194c2c7064

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe

Filesize
468KB

MD5
19a2d72b85af44734c44b72a634f15d6

SHA1
7a8d143ca9f97844584d2280edad3c6b337948c3

SHA256
17bfc66dc93d6f9f3627e20344cef25c57ccc783dff0dac0ccb5c9d1bbe7dad0

SHA512
68c536486c99de4b48d9d2362afd1b3e44c2da5d132e4c505022cf0d8390f416605925df56fa7daf919646e2a2dcbd241f0428e3ba0ed94f6e9dc652aa7458f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57863.exe

Filesize
468KB

MD5
358082fd5aaeb39c828406bf1c45f3f1

SHA1
2583acff0f1b2209593f4f5eef1d40e301d3bce8

SHA256
e1e14108268fbba91d15a4bc6b7671f6df51dc3fdb034bd46759e2a3591c3e12

SHA512
2b8f473346af69d221ab3fb16ca44e369686fb5eab4bc91dbeda2d61cfa1e18372f035ed318b5ebebe35ccff4313882e15cd82608ae152b9d1d59de31618355a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe

Filesize
468KB

MD5
3bae9cee187d8ff98ec9e6177a5f3501

SHA1
2f3b6a478b73e78ace5f9d77697bb3a45d289074

SHA256
3b5984feae51a4d5a58af813ee84b8b5772965105d768b7f50778811a5ac0554

SHA512
e4cd94deb2a63ade959efdf9d7e4a31ba6b2438d482f0c223bb9abb2d781aca70f703789ba67be4d2128043bacf52079d09ef88ca74d827531973da0a19888b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe

Filesize
468KB

MD5
9ddb48e823a6f3e9f78739eb4f427213

SHA1
8f12ebc761a247d874d174442068504bb3a9c4be

SHA256
7ba245742017bd24a409976c29ae8437a769cdd156fe4e309490cb9f739c9ea6

SHA512
25733aab8fde4daa4bd4cfa4287c34d7da298e5cacefe3d12cb636d3115d7f0ae1010f737478ea178b8325d79093a5e04088fd5d7bdcee256e224630f763a3a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe

Filesize
468KB

MD5
c1549646236c6a1dbb48b562f0be95d7

SHA1
146010f373c94d5dac7d33c42256fc23b9e6b9dc

SHA256
3e90a47a4984d28daa9b74cfe1ef5613411d23fdbad00513336e8e44bee909db

SHA512
13330af0444219e4e90f3634f553769747484a6812f768d497176f8890ffb73aa112faa841b315919d1b225a0d2dd21830ae5d19d99519afabd0fda3f519cde2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe

Filesize
468KB

MD5
15cf89ff291016201c3029e4a7deb7ac

SHA1
0833a77fb0cda69bc87f41aa174205189c5e1e3e

SHA256
f76f1d32d38271cb70a1c72d2c3228b588759a790c64be6a1272acab77b85e9c

SHA512
7c1dfcc0301394e9a7ef13d26765a762408e4753ad54d0c6276b14da2e2736b9b1c59b542e741ba1b8cfbaabdfc4bfaedc323de805303157d4760a0c3c15c78d

Download Submit