b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab

Analysis

max time kernel
40s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
Size

468KB
MD5

7d9a580d511ad998ffd9af564b681bde
SHA1

76d758082d1a316eb92a8ee84a6a52dbcf4badac
SHA256

b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab
SHA512

9de8dd282e21415d40178ba0bad5ece9a1dcd60f22715324f691719603389acca53e93524659382d7183bea391d1d9504b29496509c7ce26f27268d09a0b0144
SSDEEP

3072:1U3/ogbKIE5TtbYfHOxccf8/uC5dPLpknSH3K6Znih0L3dkSrUlW:1UvogMTtQHiccfe1nDihONkSr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3744	Unicorn-25180.exe
3996	Unicorn-17884.exe
344	Unicorn-23565.exe
3456	Unicorn-12507.exe
452	Unicorn-15117.exe
3948	Unicorn-44220.exe
980	Unicorn-5417.exe
3224	Unicorn-31060.exe
4132	Unicorn-35506.exe
4380	Unicorn-28839.exe
2860	Unicorn-5403.exe
1248	Unicorn-15609.exe
3144	Unicorn-1874.exe
1460	Unicorn-28382.exe
3568	Unicorn-32028.exe
4404	Unicorn-20138.exe
4156	Unicorn-64892.exe
1236	Unicorn-11673.exe
3200	Unicorn-17804.exe
760	Unicorn-38285.exe
932	Unicorn-58151.exe
1320	Unicorn-1851.exe
2700	Unicorn-6490.exe
4944	Unicorn-9257.exe
1328	Unicorn-44922.exe
2876	Unicorn-50787.exe
3684	Unicorn-49319.exe
2948	Unicorn-38882.exe
1052	Unicorn-44908.exe
2064	Unicorn-21289.exe
5060	Unicorn-59900.exe
1488	Unicorn-49039.exe
2892	Unicorn-49039.exe
508	Unicorn-8883.exe
2184	Unicorn-17244.exe
1476	Unicorn-41748.exe
3880	Unicorn-50492.exe
944	Unicorn-17554.exe
3220	Unicorn-1099.exe
4624	Unicorn-8498.exe
3896	Unicorn-14098.exe
2260	Unicorn-8042.exe
5080	Unicorn-56746.exe
2324	Unicorn-33780.exe
1792	Unicorn-20045.exe
4160	Unicorn-42516.exe
2328	Unicorn-31394.exe
1108	Unicorn-45012.exe
1612	Unicorn-46858.exe
2860	Unicorn-44244.exe
2084	Unicorn-23117.exe
4020	Unicorn-21852.exe
4856	Unicorn-46740.exe
5032	Unicorn-46475.exe
2244	Unicorn-21468.exe
2148	Unicorn-35111.exe
3428	Unicorn-44348.exe
3692	Unicorn-19844.exe
1536	Unicorn-19844.exe
4804	Unicorn-60492.exe
2384	Unicorn-59532.exe
3760	Unicorn-56195.exe
668	Unicorn-24565.exe
2768	Unicorn-36071.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4904	980	WerFault.exe	96
4492	980	WerFault.exe	96
4876	4132	WerFault.exe	98
2808	2860	WerFault.exe	100
1612	4132	WerFault.exe	98
4688	2860	WerFault.exe	100
1172	2700	WerFault.exe	118
4188	1320	WerFault.exe	117
3540	452	WerFault.exe	94
624	1248	WerFault.exe	102
3064	2700	WerFault.exe	118
524	1320	WerFault.exe	117
372	1248	WerFault.exe	102
2712	452	WerFault.exe	94
4188	4624	WerFault.exe	146
5788	3220	WerFault.exe	145
5872	4944	WerFault.exe	119
6044	3896	WerFault.exe	147
3092	1052	WerFault.exe	131
3612	2768	WerFault.exe	186
6076	4944	WerFault.exe	119
6012	3220	WerFault.exe	145
4296	3896	WerFault.exe	147
6628	5680	WerFault.exe	225
436	3080	WerFault.exe	199
8812	6584	WerFault.exe	319
5644	4820	WerFault.exe	206
6512	5624	WerFault.exe	223
6104	7128	WerFault.exe	342
4956	1568	WerFault.exe	296
3080	7064	WerFault.exe	338
6932	7108	WerFault.exe	341
5176	5316	WerFault.exe	360
1852	7020	WerFault.exe	335
544	6980	WerFault.exe	333
6956	2592	WerFault.exe	191
7712	7148	WerFault.exe	343
6920	2592	WerFault.exe	191
8960	1168	WerFault.exe	190
8432	752	WerFault.exe	269
8464	2184	WerFault.exe	141
8680	1792	WerFault.exe	151
8664	3880	WerFault.exe	143
9720	5596	WerFault.exe	358
9712	5864	WerFault.exe	381
10072	1224	WerFault.exe	423
9928	6852	WerFault.exe	327
9908	7032	WerFault.exe	336
9836	3308	WerFault.exe	351
9824	5512	WerFault.exe	347
9816	5604	WerFault.exe	350
9808	7088	WerFault.exe	340
9800	5108	WerFault.exe	363
10236	5664	WerFault.exe	403
10228	5876	WerFault.exe	393
10212	6784	WerFault.exe	394
9792	5448	WerFault.exe	279
8984	3432	WerFault.exe	244
4760	5708	WerFault.exe	289
8248	2932	WerFault.exe	305
8992	5768	WerFault.exe	405
10260	5008	WerFault.exe	286
10520	5052	WerFault.exe	196
10748	5472	WerFault.exe	300

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51852.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
3744	Unicorn-25180.exe
3996	Unicorn-17884.exe
344	Unicorn-23565.exe
3948	Unicorn-44220.exe
3456	Unicorn-12507.exe
452	Unicorn-15117.exe
980	Unicorn-5417.exe
3224	Unicorn-31060.exe
4132	Unicorn-35506.exe
4380	Unicorn-28839.exe
3144	Unicorn-1874.exe
1248	Unicorn-15609.exe
2860	Unicorn-5403.exe
1460	Unicorn-28382.exe
3568	Unicorn-32028.exe
4404	Unicorn-20138.exe
4156	Unicorn-64892.exe
1236	Unicorn-11673.exe
1328	Unicorn-44922.exe
932	Unicorn-58151.exe
4944	Unicorn-9257.exe
1320	Unicorn-1851.exe
2700	Unicorn-6490.exe
760	Unicorn-38285.exe
2876	Unicorn-50787.exe
3200	Unicorn-17804.exe
3684	Unicorn-49319.exe
2948	Unicorn-38882.exe
1052	Unicorn-44908.exe
2064	Unicorn-21289.exe
5060	Unicorn-59900.exe
1488	Unicorn-49039.exe
2892	Unicorn-49039.exe
2184	Unicorn-17244.exe
508	Unicorn-8883.exe
1476	Unicorn-41748.exe
3880	Unicorn-50492.exe
944	Unicorn-17554.exe
3220	Unicorn-1099.exe
1792	Unicorn-20045.exe
4624	Unicorn-8498.exe
2324	Unicorn-33780.exe
5080	Unicorn-56746.exe
2260	Unicorn-8042.exe
3896	Unicorn-14098.exe
2328	Unicorn-31394.exe
4160	Unicorn-42516.exe
1108	Unicorn-45012.exe
1612	Unicorn-46858.exe
2860	Unicorn-44244.exe
2084	Unicorn-23117.exe
4020	Unicorn-21852.exe
4856	Unicorn-46740.exe
5032	Unicorn-46475.exe
2244	Unicorn-21468.exe
2148	Unicorn-35111.exe
3428	Unicorn-44348.exe
1536	Unicorn-19844.exe
3692	Unicorn-19844.exe
2384	Unicorn-59532.exe
3760	Unicorn-56195.exe
4804	Unicorn-60492.exe
2768	Unicorn-36071.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 3744	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	87
PID 1648 wrote to memory of 3744	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	87
PID 1648 wrote to memory of 3744	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	87
PID 3744 wrote to memory of 3996	3744	Unicorn-25180.exe	89
PID 3744 wrote to memory of 3996	3744	Unicorn-25180.exe	89
PID 3744 wrote to memory of 3996	3744	Unicorn-25180.exe	89
PID 1648 wrote to memory of 344	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	90
PID 1648 wrote to memory of 344	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	90
PID 1648 wrote to memory of 344	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	90
PID 3996 wrote to memory of 3456	3996	Unicorn-17884.exe	93
PID 3996 wrote to memory of 3456	3996	Unicorn-17884.exe	93
PID 3996 wrote to memory of 3456	3996	Unicorn-17884.exe	93
PID 3744 wrote to memory of 452	3744	Unicorn-25180.exe	94
PID 3744 wrote to memory of 452	3744	Unicorn-25180.exe	94
PID 3744 wrote to memory of 452	3744	Unicorn-25180.exe	94
PID 344 wrote to memory of 3948	344	Unicorn-23565.exe	95
PID 344 wrote to memory of 3948	344	Unicorn-23565.exe	95
PID 344 wrote to memory of 3948	344	Unicorn-23565.exe	95
PID 1648 wrote to memory of 980	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	96
PID 1648 wrote to memory of 980	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	96
PID 1648 wrote to memory of 980	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	96
PID 3948 wrote to memory of 3224	3948	Unicorn-44220.exe	97
PID 3948 wrote to memory of 3224	3948	Unicorn-44220.exe	97
PID 3948 wrote to memory of 3224	3948	Unicorn-44220.exe	97
PID 344 wrote to memory of 4132	344	Unicorn-23565.exe	98
PID 344 wrote to memory of 4132	344	Unicorn-23565.exe	98
PID 344 wrote to memory of 4132	344	Unicorn-23565.exe	98
PID 3456 wrote to memory of 4380	3456	Unicorn-12507.exe	99
PID 3456 wrote to memory of 4380	3456	Unicorn-12507.exe	99
PID 3456 wrote to memory of 4380	3456	Unicorn-12507.exe	99
PID 452 wrote to memory of 2860	452	Unicorn-15117.exe	100
PID 452 wrote to memory of 2860	452	Unicorn-15117.exe	100
PID 452 wrote to memory of 2860	452	Unicorn-15117.exe	100
PID 3744 wrote to memory of 1248	3744	Unicorn-25180.exe	102
PID 3744 wrote to memory of 1248	3744	Unicorn-25180.exe	102
PID 3744 wrote to memory of 1248	3744	Unicorn-25180.exe	102
PID 3996 wrote to memory of 3144	3996	Unicorn-17884.exe	103
PID 3996 wrote to memory of 3144	3996	Unicorn-17884.exe	103
PID 3996 wrote to memory of 3144	3996	Unicorn-17884.exe	103
PID 1648 wrote to memory of 1460	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	104
PID 1648 wrote to memory of 1460	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	104
PID 1648 wrote to memory of 1460	1648	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	104
PID 3224 wrote to memory of 3568	3224	Unicorn-31060.exe	109
PID 3224 wrote to memory of 3568	3224	Unicorn-31060.exe	109
PID 3224 wrote to memory of 3568	3224	Unicorn-31060.exe	109
PID 3948 wrote to memory of 4404	3948	Unicorn-44220.exe	110
PID 3948 wrote to memory of 4404	3948	Unicorn-44220.exe	110
PID 3948 wrote to memory of 4404	3948	Unicorn-44220.exe	110
PID 3144 wrote to memory of 4156	3144	Unicorn-1874.exe	111
PID 3144 wrote to memory of 4156	3144	Unicorn-1874.exe	111
PID 3144 wrote to memory of 4156	3144	Unicorn-1874.exe	111
PID 3996 wrote to memory of 1236	3996	Unicorn-17884.exe	112
PID 3996 wrote to memory of 1236	3996	Unicorn-17884.exe	112
PID 3996 wrote to memory of 1236	3996	Unicorn-17884.exe	112
PID 4380 wrote to memory of 3200	4380	Unicorn-28839.exe	113
PID 4380 wrote to memory of 3200	4380	Unicorn-28839.exe	113
PID 4380 wrote to memory of 3200	4380	Unicorn-28839.exe	113
PID 1248 wrote to memory of 932	1248	Unicorn-15609.exe	116
PID 1248 wrote to memory of 932	1248	Unicorn-15609.exe	116
PID 1248 wrote to memory of 932	1248	Unicorn-15609.exe	116
PID 452 wrote to memory of 760	452	Unicorn-15117.exe	115
PID 452 wrote to memory of 760	452	Unicorn-15117.exe	115
PID 452 wrote to memory of 760	452	Unicorn-15117.exe	115
PID 1460 wrote to memory of 1320	1460	Unicorn-28382.exe	117

C:\Users\Admin\AppData\Local\Temp\b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
"C:\Users\Admin\AppData\Local\Temp\b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17244.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19844.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        11⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 636
        12⤵
        Program crash
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 724
        11⤵
        Program crash
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        10⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 636
        11⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 724
        10⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        10⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        11⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 636
        11⤵
        
        PID:14916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 632
        10⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        9⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
        9⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 636
        10⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        9⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 744
        9⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        8⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 640
        9⤵
        Program crash
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 648
        8⤵
        Program crash
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42842.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        9⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 644
        10⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        9⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6104.exe
        10⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 668
        9⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
        8⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 636
        9⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        8⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        9⤵
        
        PID:15772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 676
        8⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        7⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 636
        8⤵
        Program crash
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        7⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        8⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 640
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        7⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60449.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        7⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        9⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        10⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65425.exe
        11⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
        10⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        9⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        10⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        9⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4974.exe
        9⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
        9⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58881.exe
        10⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
        9⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        9⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
        8⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        9⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62719.exe
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
        8⤵
        
        PID:14560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 672
        7⤵
        Program crash
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 632
        6⤵
        Program crash
        
        PID:1172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 632
        6⤵
        Program crash
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33780.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        6⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        9⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        9⤵
        
        PID:13364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 636
        8⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        7⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 672
        7⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1558.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2629.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
        7⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        7⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        7⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        6⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
        6⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        5⤵
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11011.exe
        6⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        8⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38814.exe
        9⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        8⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 720
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        8⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40327.exe
        7⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        7⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        6⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 636
        7⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        6⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        7⤵
        
        PID:8040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 508
        6⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
        5⤵
        
        PID:7148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 640
        6⤵
        Program crash
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        5⤵
        
        PID:7492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 640
        6⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
        5⤵
        
        PID:14580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42236.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
        9⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 640
        10⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60967.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        10⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
        9⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        9⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        8⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        9⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 636
        10⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 652
        9⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        9⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 648
        10⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        9⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        9⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 548
        8⤵
        Program crash
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        8⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 636
        9⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 624
        8⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37408.exe
        7⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 636
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49713.exe
        7⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41394.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 656
        7⤵
        Program crash
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        6⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 636
        7⤵
        Program crash
        
        PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59532.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
        8⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5424.exe
        9⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        9⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        9⤵
        
        PID:15928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 636
        8⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62738.exe
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23065.exe
        7⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 644
        8⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 644
        8⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        7⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        7⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35737.exe
        7⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 632
        8⤵
        Program crash
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 720
        7⤵
        Program crash
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        7⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 636
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51856.exe
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        7⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        7⤵
        
        PID:12856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 648
        6⤵
        Program crash
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        5⤵
        
        PID:1568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 684
        6⤵
        Program crash
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        6⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe
        7⤵
        
        PID:13784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 636
        6⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32526.exe
        5⤵
        
        PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        5⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16596.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        8⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        7⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        6⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 636
        7⤵
        Program crash
        
        PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63891.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        5⤵
        
        PID:6584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 724
        6⤵
        Program crash
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        5⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
        6⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        6⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        5⤵
        
        PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        7⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 636
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        6⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        7⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
        6⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
        5⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        6⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
        6⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27038.exe
        5⤵
        
        PID:808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 636
        6⤵
        
        PID:11128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 648
        5⤵
        
        PID:12628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 648
        5⤵
        
        PID:15200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        5⤵
        
        PID:8508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 636
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
        5⤵
        
        PID:5464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 648
        5⤵
        
        PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60432.exe
        5⤵
        
        PID:13476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
      4⤵
      PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        5⤵
        
        PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
      4⤵
      PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
      4⤵
      PID:14612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 724
        5⤵
        Program crash
        
        PID:2808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 716
        5⤵
        Program crash
        
        PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38285.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 640
        6⤵
        Program crash
        
        PID:5788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 640
        6⤵
        Program crash
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 640
        6⤵
        Program crash
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        5⤵
        
        PID:7080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 560
      4⤵
      Program crash
      PID:3540
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 560
      4⤵
      Program crash
      PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        9⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        10⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 636
        11⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        10⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65143.exe
        10⤵
        
        PID:14220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 668
        9⤵
        Program crash
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
        7⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 636
        8⤵
        Program crash
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        7⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 636
        8⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
        8⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        9⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 660
        8⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        8⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        8⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 636
        7⤵
        
        PID:4548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 716
        6⤵
        Program crash
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        5⤵
        
        PID:4360
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 740
      4⤵
      Program crash
      PID:624
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 724
      4⤵
      Program crash
      PID:372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        6⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 676
        7⤵
        Program crash
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        6⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 632
        7⤵
        Program crash
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3434.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        6⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 636
        7⤵
        
        PID:11648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 636
        6⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19535.exe
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47993.exe
        6⤵
        
        PID:2172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 632
        6⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        5⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        5⤵
        
        PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        6⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 636
        7⤵
        Program crash
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        6⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 636
        7⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56940.exe
        6⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        7⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10838.exe
        6⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        6⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        7⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 664
        7⤵
        
        PID:14948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 636
        6⤵
        
        PID:12020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 624
        5⤵
        Program crash
        
        PID:6920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 624
        5⤵
        Program crash
        
        PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43138.exe
      4⤵
      PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
      4⤵
      PID:1224
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 636
        5⤵
        Program crash
        
        PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
      4⤵
      PID:8536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 640
        5⤵
        
        PID:12496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
      4⤵
      PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
      4⤵
      PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
      4⤵
      PID:15848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 624
        5⤵
        Program crash
        
        PID:3612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
      4⤵
      PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
      4⤵
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        6⤵
        
        PID:15568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 632
        5⤵
        
        PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
      4⤵
      PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56800.exe
        5⤵
        
        PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
      4⤵
      PID:11224
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 628
      4⤵
      PID:14604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
    3⤵
    PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
    3⤵
    PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
      4⤵
      PID:7384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 636
        5⤵
        
        PID:13136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 668
      4⤵
      PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
    3⤵
    PID:208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
      4⤵
      PID:11872
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 724
    3⤵
    PID:12636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        10⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47865.exe
        11⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 636
        12⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
        11⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 648
        11⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17895.exe
        10⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
        11⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 636
        11⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        10⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        10⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
        10⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        9⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 636
        10⤵
        Program crash
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21234.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        10⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 668
        10⤵
        
        PID:14988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 660
        9⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
        9⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 632
        10⤵
        Program crash
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 716
        9⤵
        Program crash
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47569.exe
        8⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 636
        9⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-467.exe
        8⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        8⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 668
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        7⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 712
        7⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49003.exe
        6⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19209.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
        9⤵
        
        PID:432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 636
        9⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 636
        9⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        8⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
        8⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
        8⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        7⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 640
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57623.exe
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        7⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        6⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        7⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50713.exe
        7⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        6⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38882.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45012.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        9⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        8⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        7⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
        8⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 628
        9⤵
        Program crash
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
        8⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        9⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        10⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        9⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
        9⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        8⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        7⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 636
        8⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        8⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        7⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        7⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 636
        8⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        7⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9860.exe
        5⤵
        
        PID:3308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 636
        6⤵
        Program crash
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27007.exe
        5⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        6⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        7⤵
        
        PID:12308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 636
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
        5⤵
        
        PID:2064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 748
        5⤵
        
        PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        9⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
        9⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        9⤵
        
        PID:16328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 628
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        8⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33239.exe
        8⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
        7⤵
        
        PID:9416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 736
        6⤵
        Program crash
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        8⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 632
        9⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 748
        8⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        6⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 636
        7⤵
        Program crash
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        7⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
        6⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
        7⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        6⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        5⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        6⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 640
        7⤵
        Program crash
        
        PID:10228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 632
        6⤵
        Program crash
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        6⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        7⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        6⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        5⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32385.exe
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        5⤵
        
        PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13403.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
        8⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
        9⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        9⤵
        
        PID:15172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 636
        8⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56213.exe
        7⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        6⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 632
        7⤵
        
        PID:1832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 632
        6⤵
        
        PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15900.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
      4⤵
      PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
      4⤵
      PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        5⤵
        
        PID:7984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 636
        6⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        5⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        5⤵
        
        PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
        5⤵
        
        PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        6⤵
        
        PID:15692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 736
        5⤵
        
        PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24094.exe
      4⤵
      PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57065.exe
        5⤵
        
        PID:15508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4132
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 636
      4⤵
      Program crash
      PID:4876
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 636
      4⤵
      Program crash
      PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        5⤵
        
        PID:7088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 644
        6⤵
        Program crash
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        5⤵
        
        PID:7420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 632
        6⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        5⤵
        
        PID:9256
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 772
        5⤵
        
        PID:13924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        8⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 664
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
        7⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 712
        7⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 712
        7⤵
        
        PID:15608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 628
        6⤵
        Program crash
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        7⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 624
        7⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        6⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47518.exe
        6⤵
        
        PID:7004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 664
        6⤵
        
        PID:14972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 752
        5⤵
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
      4⤵
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52340.exe
        5⤵
        
        PID:7108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 632
        6⤵
        Program crash
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        5⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        6⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        5⤵
        
        PID:9360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 752
        5⤵
        
        PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
      4⤵
      PID:5316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 644
        5⤵
        Program crash
        
        PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
      4⤵
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        5⤵
        
        PID:13444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
      4⤵
      PID:7312
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 772
      4⤵
      PID:13056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        5⤵
        
        PID:5680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 628
        6⤵
        Program crash
        
        PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44145.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        6⤵
        
        PID:13192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 668
        5⤵
        
        PID:10504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        5⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        5⤵
        
        PID:7772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 640
        6⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        5⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
        5⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6301.exe
        6⤵
        
        PID:6548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 636
        6⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        5⤵
        
        PID:10404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 616
        5⤵
        
        PID:14680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 636
      4⤵
      Program crash
      PID:8960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64835.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
      4⤵
      PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
        5⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        5⤵
        
        PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38622.exe
        5⤵
        
        PID:12344
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 628
      4⤵
      PID:14124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
    3⤵
    PID:7624
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 616
      4⤵
      PID:12252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 616
      4⤵
      PID:1300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
    3⤵
    PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
      4⤵
      PID:15708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32135.exe
    3⤵
    PID:11984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
    3⤵
    PID:12400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:980
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 724
    3⤵
    - Program crash
    PID:4904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 760
    3⤵
    - Program crash
    PID:4492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 728
      4⤵
      Program crash
      PID:4188
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 728
      4⤵
      Program crash
      PID:524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 724
      4⤵
      Program crash
      PID:6044
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 724
      4⤵
      Program crash
      PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        5⤵
        
        PID:6844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 632
        6⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
        5⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        6⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        5⤵
        
        PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11372.exe
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        6⤵
        
        PID:10612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 668
        6⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        5⤵
        
        PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
      4⤵
      PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        5⤵
        
        PID:10648
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 668
        5⤵
        
        PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37158.exe
      4⤵
      PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10847.exe
      4⤵
      PID:14452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
    3⤵
    PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
      4⤵
      PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        5⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        6⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        5⤵
        
        PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
      4⤵
      PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-733.exe
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe
        5⤵
        
        PID:12700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 668
      4⤵
      PID:12660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
    3⤵
    PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
      4⤵
      PID:13164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
    3⤵
    PID:8036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
    3⤵
    PID:10196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
    3⤵
    PID:12532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41748.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        9⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 632
        9⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        9⤵
        
        PID:15864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 636
        8⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        8⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 660
        8⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51695.exe
        7⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39401.exe
        7⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42129.exe
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        8⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        7⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        6⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
        7⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 656
        7⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        6⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        6⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        8⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        7⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 664
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        6⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        7⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14310.exe
        6⤵
        
        PID:15812
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 636
    3⤵
    - Program crash
    PID:5872
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 636
    3⤵
    - Program crash
    PID:6076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4624
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 724
    3⤵
    - Program crash
    PID:4188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
  2⤵
  PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
    3⤵
    PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7304.exe
      4⤵
      PID:5636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 632
        5⤵
        
        PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
      4⤵
      PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        5⤵
        
        PID:9868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 720
        5⤵
        
        PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
      4⤵
      PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
      4⤵
      PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
      4⤵
      PID:15556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
    3⤵
    PID:5156
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 636
      4⤵
      PID:11712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
    3⤵
    PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
      4⤵
      PID:15984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
    3⤵
    PID:4312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
    3⤵
    PID:13592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
    3⤵
    PID:16336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
  2⤵
  PID:7020
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 644
    3⤵
    - Program crash
    PID:1852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33735.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33735.exe
  2⤵
  PID:7460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
    3⤵
    PID:9484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 652
    3⤵
    PID:14980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32004.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32004.exe
  2⤵
  PID:9312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
  2⤵
  PID:11552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
  2⤵
  PID:14524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 980 -ip 980
1⤵
PID:3856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 980 -ip 980
1⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2860 -ip 2860
1⤵
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4132 -ip 4132
1⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4132 -ip 4132
1⤵
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2860 -ip 2860
1⤵
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2700 -ip 2700
1⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1320 -ip 1320
1⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1248 -ip 1248
1⤵
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 452 -ip 452
1⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3144 -ip 3144
1⤵
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3144 -ip 3144
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2700 -ip 2700
1⤵
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 1320 -ip 1320
1⤵
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1248 -ip 1248
1⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 452 -ip 452
1⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4624 -ip 4624
1⤵
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3220 -ip 3220
1⤵
PID:800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 3896 -ip 3896
1⤵
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 4944 -ip 4944
1⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4380 -ip 4380
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1052 -ip 1052
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1052 -ip 1052
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4380 -ip 4380
1⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4624 -ip 4624
1⤵
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 1476 -ip 1476
1⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 668 -ip 668
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2768 -ip 2768
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1476 -ip 1476
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 668 -ip 668
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2768 -ip 2768
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4944 -ip 4944
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 3220 -ip 3220
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 3896 -ip 3896
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4360 -ip 4360
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5228 -ip 5228
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 2468 -ip 2468
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2572 -ip 2572
1⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 2824 -ip 2824
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4056 -ip 4056
1⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5080 -ip 5080
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4360 -ip 4360
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2572 -ip 2572
1⤵
PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2468 -ip 2468
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5228 -ip 5228
1⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2824 -ip 2824
1⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5248 -ip 5248
1⤵
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5080 -ip 5080
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 4056 -ip 4056
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5076 -ip 5076
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5664 -ip 5664
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5556 -ip 5556
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5532 -ip 5532
1⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5608 -ip 5608
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5288 -ip 5288
1⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5360 -ip 5360
1⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6016 -ip 6016
1⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4820 -ip 4820
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5624 -ip 5624
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5680 -ip 5680
1⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6132 -ip 6132
1⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3080 -ip 3080
1⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5572 -ip 5572
1⤵
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2948 -ip 2948
1⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 932 -ip 932
1⤵
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5248 -ip 5248
1⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5712 -ip 5712
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5076 -ip 5076
1⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5664 -ip 5664
1⤵
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 2328 -ip 2328
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5288 -ip 5288
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5608 -ip 5608
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5532 -ip 5532
1⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3184 -ip 3184
1⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5032 -ip 5032
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2064 -ip 2064
1⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4020 -ip 4020
1⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2148 -ip 2148
1⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4856 -ip 4856
1⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 944 -ip 944
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5556 -ip 5556
1⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5624 -ip 5624
1⤵
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6016 -ip 6016
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5360 -ip 5360
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4820 -ip 4820
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3080 -ip 3080
1⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5680 -ip 5680
1⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6132 -ip 6132
1⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5572 -ip 5572
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 2948 -ip 2948
1⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 932 -ip 932
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5712 -ip 5712
1⤵
PID:912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2328 -ip 2328
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2064 -ip 2064
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5032 -ip 5032
1⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3184 -ip 3184
1⤵
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4020 -ip 4020
1⤵
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 2148 -ip 2148
1⤵
PID:708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4856 -ip 4856
1⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 944 -ip 944
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5416 -ip 5416
1⤵
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5752 -ip 5752
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 2800 -ip 2800
1⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5920 -ip 5920
1⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6024 -ip 6024
1⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6104 -ip 6104
1⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6148 -ip 6148
1⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 3992 -ip 3992
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5196 -ip 5196
1⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 1568 -ip 1568
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6696 -ip 6696
1⤵
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2500 -ip 2500
1⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2800 -ip 2800
1⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5752 -ip 5752
1⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4160 -ip 4160
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3432 -ip 3432
1⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1536 -ip 1536
1⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6104 -ip 6104
1⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5920 -ip 5920
1⤵
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6644 -ip 6644
1⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 6148 -ip 6148
1⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 6024 -ip 6024
1⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5528 -ip 5528
1⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6584 -ip 6584
1⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7080 -ip 7080
1⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3992 -ip 3992
1⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5416 -ip 5416
1⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5196 -ip 5196
1⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6108 -ip 6108
1⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 4156 -ip 4156
1⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1724 -ip 1724
1⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 508 -ip 508
1⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 1612 -ip 1612
1⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 2244 -ip 2244
1⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2384 -ip 2384
1⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3692 -ip 3692
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1300 -ip 1300
1⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 760 -ip 760
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4804 -ip 4804
1⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 1792 -ip 1792
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 3880 -ip 3880
1⤵
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2184 -ip 2184
1⤵
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 752 -ip 752
1⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 1168 -ip 1168
1⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 2592 -ip 2592
1⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 1568 -ip 1568
1⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7148 -ip 7148
1⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6696 -ip 6696
1⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 7128 -ip 7128
1⤵
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 2500 -ip 2500
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6980 -ip 6980
1⤵
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7020 -ip 7020
1⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5316 -ip 5316
1⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 7064 -ip 7064
1⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 7108 -ip 7108
1⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4160 -ip 4160
1⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 1536 -ip 1536
1⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3432 -ip 3432
1⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5596 -ip 5596
1⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5864 -ip 5864
1⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 5108 -ip 5108
1⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 7088 -ip 7088
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5512 -ip 5512
1⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5604 -ip 5604
1⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3308 -ip 3308
1⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6852 -ip 6852
1⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 7032 -ip 7032
1⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6644 -ip 6644
1⤵
PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5528 -ip 5528
1⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 7080 -ip 7080
1⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5720 -ip 5720
1⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6844 -ip 6844
1⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 1224 -ip 1224
1⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5636 -ip 5636
1⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5664 -ip 5664
1⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5876 -ip 5876
1⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6784 -ip 6784
1⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5768 -ip 5768
1⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6108 -ip 6108
1⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 508 -ip 508
1⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2932 -ip 2932
1⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 1612 -ip 1612
1⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5708 -ip 5708
1⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 1724 -ip 1724
1⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 2384 -ip 2384
1⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4156 -ip 4156
1⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3692 -ip 3692
1⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 1300 -ip 1300
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 5448 -ip 5448
1⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 2244 -ip 2244
1⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5008 -ip 5008
1⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5832 -ip 5832
1⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 760 -ip 760
1⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4804 -ip 4804
1⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5756 -ip 5756
1⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5376 -ip 5376
1⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5052 -ip 5052
1⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5472 -ip 5472
1⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6044 -ip 6044
1⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5424 -ip 5424
1⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5484 -ip 5484
1⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3760 -ip 3760
1⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7624 -ip 7624
1⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5364 -ip 5364
1⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 7304 -ip 7304
1⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 7572 -ip 7572
1⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 7772 -ip 7772
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 1468 -ip 1468
1⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 6136 -ip 6136
1⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6264 -ip 6264
1⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6936 -ip 6936
1⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5156 -ip 5156
1⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4360 -ip 4360
1⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6604 -ip 6604
1⤵
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6988 -ip 6988
1⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6280 -ip 6280
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6048 -ip 6048
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 7424 -ip 7424
1⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7720 -ip 7720
1⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7728 -ip 7728
1⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 7492 -ip 7492
1⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6128 -ip 6128
1⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 7984 -ip 7984
1⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 9036 -ip 9036
1⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4192 -ip 4192
1⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7760 -ip 7760
1⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 7420 -ip 7420
1⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7504 -ip 7504
1⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 3512 -ip 3512
1⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6608 -ip 6608
1⤵
PID:13724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 8928 -ip 8928
1⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 8556 -ip 8556
1⤵
PID:14136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 7976 -ip 7976
1⤵
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 808 -ip 808
1⤵
PID:13360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 8176 -ip 8176
1⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 4716 -ip 4716
1⤵
PID:13420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5132 -ip 5132
1⤵
PID:13948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3744 -ip 3744
1⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 5612 -ip 5612
1⤵
PID:14284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 524 -ip 524
1⤵
PID:14428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 6176 -ip 6176
1⤵
PID:14740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6332 -ip 6332
1⤵
PID:14904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 2328 -ip 2328
1⤵
PID:15112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 7384 -ip 7384
1⤵
PID:15148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7544 -ip 7544
1⤵
PID:15156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 2148 -ip 2148
1⤵
PID:15316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 8912 -ip 8912
1⤵
PID:13588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4492 -ip 4492
1⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 8508 -ip 8508
1⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4980 -ip 4980
1⤵
PID:14576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 8536 -ip 8536
1⤵
PID:14540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7208 -ip 7208
1⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1696 -ip 1696
1⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4500 -ip 4500
1⤵
PID:14516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6152 -ip 6152
1⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 6580 -ip 6580
1⤵
PID:14344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 3684 -ip 3684
1⤵
PID:15540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 3948 -ip 3948
1⤵
PID:15592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6584 -ip 6584
1⤵
PID:15604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 8976 -ip 8976
1⤵
PID:15788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 8832 -ip 8832
1⤵
PID:15796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 752 -ip 752
1⤵
PID:16180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe

Filesize
468KB

MD5
7a2dee5ad1c89c7b67ca9230b3123c95

SHA1
5ace58bb53ee0a08d4278a06657367554d40818d

SHA256
87dbd99d079a49c45774afb4e52caa38705f08ce00e6ed0d305aebbcb321b718

SHA512
8e26161095abc04b3aa71005327151b2978cc67a465dd659ae88bf757dd9b639bac5bbfbfb7871c498d0d8721776b8faacf670b3214b881f866749dc9cc715ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe

Filesize
468KB

MD5
54ea0805b27a57c031852f4c7b740e9d

SHA1
6c913384ceb328c7f7fbcffc4dacb6648d6023d1

SHA256
0bd1302bf978cc8e8986cdb0078ac709c14a2d5effd6b0ac5882b8ea65653da7

SHA512
959f281ff5643ff824fa9c27a23be4d7d67a0e029781347614bf3fbd2828c944dcea1e4b302dbc68351bf01c6796a88a3433fba8a6b14d791c983b30b5d720cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe

Filesize
468KB

MD5
2b62f358e5dbe9f30f2e5feebe6da379

SHA1
3dcd8b95e49455ff644c6fbb7e995ab9a1f2ae74

SHA256
27028a75b7f6377acb98da8891656e55636a1d1ba22f678e0adb62e664e8d949

SHA512
e6c3f7a6f176150df41273243876513e00c6aec25247b013e196f908e0d0c768d95140e95644501c789b33059589d16ec72c3987548dda98446c7f93db52a2a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe

Filesize
468KB

MD5
44190148742bc745f2703af2acec8660

SHA1
552684cd7e7d5b2d58ad773c4147663fb9ee9950

SHA256
966a9e916ab605592ca94c7b69d88834cb33ad265d74ed55a85a051fc9e3da44

SHA512
9e6e0925fb9843f2b2debc5d75486fc4169e786b31f899e614ecb47507acf9e633349fcd16ea60cfc05954d8eb365f192d76f85d93c041c627a1930ba94cf8e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe

Filesize
468KB

MD5
ba7d1a1ff5a03579351c866d185eb86a

SHA1
4179e7eb0c3c480256914467dd6936a80b09de7e

SHA256
319eb29d259aa6ac2232708c950a3bf861e1fac440cf04d7e4307d637c8e1344

SHA512
9596495540d8aa167b8b7031ad8945428e2ef622dcf01f45a30337691cfe944652a0ca600eaf8007cd8a0d91ec7a0144331025c2aca493dfd2a97fede735c691

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe

Filesize
468KB

MD5
afb757deb233f32bb345240a40a101ec

SHA1
0c56b8ae8c8ea524d3f19e1825cd85f62d45b3d5

SHA256
b6afa4205dc8b4be4dd1ab1391986eb6962600db7cacd8e0f5dac2841486925a

SHA512
69339ff00a5ee828dc5928f11cf2fa0377f7ef05c4f0799d1e3b7f9bf0fb2667a8c25cb392c1fe925c6c6c000b02a995362b9db2eab59dbd94f156c61935fccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe

Filesize
468KB

MD5
f8d06c7d04e6bd90ed89829db24eb229

SHA1
dcc52644d222e9a7fb9a78e976c7f5e9d503dd72

SHA256
4cc4ede88f8b84882e3b38c5ce8e65b99a2400e7a526def324b8381a367cef4e

SHA512
449216bf0e1897830e2ac011d30742220f4a995e70029c14e7336d0b85965cfc9a7d1a7452f2979bcea95a2896437f6adaf2c1807056510c1a21089119f5a48b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe

Filesize
468KB

MD5
e9c42f8dae7b741758900633417a61d2

SHA1
c3b629e32d49dd26aaf9fc041d8d46003428c5a0

SHA256
ad36f2a080d0efa60f74a50a00d247e48705a0208725072eee071d30097a7bfd

SHA512
8f522157cb66b5d94f7b3c80c2d56919f68ad23d0535b14b175396663eb65258fe48f014a3d285f54056db36af25f82b824b8df1a31e80ede1d347fbe061a4af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe

Filesize
468KB

MD5
e4114666208b121970b000cad06712c0

SHA1
d561648fa5e1213b385a6f37b41004c9abdb1c5e

SHA256
2275df76e1852590806f56276c8eb80ec9bf90a09e44142edb75b4f45880d1f4

SHA512
650639a5eb354f290b488b49a0a14e3763abb2f1f1bdd339d7de4fd9aa1b2d3643177d0e16dc01fa54654611603f4ed3882fed0e620bfb73edba284c0cc129a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe

Filesize
468KB

MD5
5049089a7b48d75deda92625068113e9

SHA1
50ce98b02543dcf97fb95cdbd4ea7d935cfe6cde

SHA256
6f14fb4805d7c6f8d41e2711347323fdea661b67b98d0d119d5166a4d3ae58bb

SHA512
9445c7ed6d910071e9bcf918598b92ffc7f1985b1c570eb3eb8d82379278fd539234f5471f10cfe5d7b31568ee387383e06fcfb0849f1dc53f063d9ee3880318

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe

Filesize
468KB

MD5
170fb1210fe90b252bef1b318171d5c8

SHA1
0197652b66dcaee4ff02a94b18f16399c886b763

SHA256
083dfab4505037927b1db8dd4af611a6de2581d34c65a84b99925157dff543d8

SHA512
56cdf92932c7288eb57df93c8411b65a83da51c3fb3cbea3641441df74174934974008cd0f4ea21c664c38a13a2ba8c8db05ea38d287954c695c5a2481b6c6cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe

Filesize
468KB

MD5
21f01b4864c78c4eda63ef0bde097f9d

SHA1
4e86e63cda96fda2f38b6c9a11c09ab6d87bd72d

SHA256
4e68157bbeca11fb16e0f556faecd09b4fa6a9a5fd3578610e148c2985c5d2eb

SHA512
88884b8a990038aafd510fe17802857bdf6caa26324773bb26e10f92c72334e3a6fc5054bc83af23ab9795f8614e04f0dc7b2a5f594f86e5578d4cc3b14a446e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe

Filesize
468KB

MD5
de314ce3c255fea270d147ea0aeef115

SHA1
3d711163ec0abccb23b9acddb1e6b933835fb7b9

SHA256
7f46c0de5100c36c1e74746621d07ca7304ae78bc4cd5de799cc1e767d88ac76

SHA512
164fdeefeede3ea3a05b780029a8c3b8dd794fdf4cd86611b27814aa1e4cf852322755ef4031b9764e39d28722bc4d6ee61b422801532ed86c8410dcc601f162

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe

Filesize
468KB

MD5
c343eb48201fd763ea3c0045dec7db89

SHA1
2dd97cc842fcaed3b031169cfbf2a457bf2217a7

SHA256
5d5c47d7a81df202383b50b74c109a50c0c14801707133f789b32fb2e1ab0c24

SHA512
87e8d91659f0ca4c53908198cf975813444201640ca6e2a33f25297428b4600ee78221da3a5cb92c070026d0f830db3e9fed874a82c4f185c2340f6e6d81d22d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe

Filesize
468KB

MD5
317873fccc45718bd3e3dad9b3e50e51

SHA1
e3a867dadf2c0987237d4489da75801300d386a3

SHA256
566552ca6cad0a1934be80a42e2a47431b11c3d7a43551fa30a98a5b9b7fdb80

SHA512
1e079c93ab121798b9e8f6f248113e421b060a5dd378bbfee248d53133a2c773da9d2cf410bb63729f916b65d4db243bd482c0e6255d643fe03b84d8cf5c40e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe

Filesize
468KB

MD5
cab2521bbc86828f340e97f525cdbf0b

SHA1
30cc73aa222c0faa5909b85954b4edbdd8556fe8

SHA256
525c16d64539344c214e037fdcef18d9c09090ed07e4a4d064ef84ce334a1080

SHA512
6e9d295612359e4bf82128c267e2844f45623c866105a84083751fffd9298aef74f9ceb8c8d0bcf3d576299d113f2dfae3c7d577ce71614898609329d1f20a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe

Filesize
468KB

MD5
3fb2ab7c26b7003237cd5d6458709639

SHA1
5abf2cb9a5a0d32fae705d8ece6793595aed339e

SHA256
0cbba805fed5112165202f085fe6b0938f5e5a77221d3e3eee99cf3dd5a033db

SHA512
d185be4dc81fbadcf31ebe82988a2d7872898b17fae03c30a3ee80b907d98c4c68e33201f59df268789a95f00eaef7393e977f6fb34b597629cafb260eb8b832

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38285.exe

Filesize
468KB

MD5
dfd5acb02bb7e5e72744751d77f6c144

SHA1
16fc9c44f7035af27e56d7be9cdb9d7d31f675ca

SHA256
64a2c5b63f1ba1833cc6f5b3dfd138fcab5e9bebd73e93fb4a33ce04a0997463

SHA512
b410d7f5b06e0903142a9642a83b73cf729a62c62944af35040c38f7a079c6328db645169197968a3589841571706fe924eb9f3f2a2b1c26e0e799228e475f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38882.exe

Filesize
468KB

MD5
c8950fcf5f958897b597168f8b6c059c

SHA1
edb9cbf6854d3a2d2476493d307337bc166f19a5

SHA256
41b80d7b0b9d2265aba2d382d9752ef9a83858fd17034e1718c79309da54c492

SHA512
e31a463f491135edfe927cf906f1998428df0933f0bca2bdd5efa69395d629a05028a453877f6cc02e4783bb470cdaffc1c1d4b74b9ce584f49ae4231c65a47c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe

Filesize
468KB

MD5
138653ca6cf036ac87bcb0ef0cf1f64a

SHA1
097afd89dbd46be865fdd10273fa6472b820fb3c

SHA256
79f4ec7dc920c9c12c7c9ff4a610cbc1089db8cca6350b9b06e35fff6e46aa72

SHA512
86fc3c5bd7dcea3c41e51a16e18355683347dc9095956ea760aba33f0a9dacca6e577c8aaaf31bcab87b2f752aa05fc74f23b5767acd14125b062c90d0328c3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe

Filesize
468KB

MD5
6e7c296445ddd7703d5b1b93c558836f

SHA1
69093c9b3230c65f236eeb37264a8b5279a63e32

SHA256
6711855b14912850072b4dc265e03b7993479ec78c44f19c1812e3e004fe9566

SHA512
ea74b9a2e1ccca8205804de52f08d513164a74fac9de3bc19f756efaf21bc6d3f51875a2f13f293560116562df728748ac61c3cdb914d08f2334d311591d1e14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe

Filesize
468KB

MD5
ea089dcffd32104acdc3774aa3bbfbb1

SHA1
c7766e8049078fcae2aa5a081a37f0c5848bda18

SHA256
8f892f60d24f6f0f95435d08e73fa029391791dd2527067cd11b930a829e0283

SHA512
48b257e7459575e101d0bd59adf861df0c0fb48c39dcb99a57ae3c10255582af1392134a22fec150f015a1074f9a193f0d92345f3c98176d31335812f211f6c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe

Filesize
468KB

MD5
1fa8cc44943eb2eed1b6ada5f925e2c9

SHA1
e6bfcd7f0061d2287bc7ae1ead50c2f9d5a5bfd9

SHA256
82ba0a08a99e161a65cb2f48f998581ae1f9de55cf167f529590a50614ad6781

SHA512
5514fb515736ad2b0f05b8a3a12ceb18d145d1c2a2fc7a2e38a22d911647c529a2cf7f1a4c855f0512f4023d401559f6691f6116e43b75e0848f22062ef28859

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe

Filesize
468KB

MD5
7353d3ffc75198a0d97b3bba4a77f4e7

SHA1
9c8ea102cd22d56d6c4c30d45bb1adbc5528514e

SHA256
b4a4b183b1de27241760041033a4800316533094e7eb01c3ddcaccbcabcd36ec

SHA512
3c7ce43c12585e41671cc430b1b6b35584e7d003f6bfa18d734b52c90a135b95becbbb3efd77203431be1e4032600f2826efeabf768ff512e824429b8c9a2038

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe

Filesize
468KB

MD5
19eb9e1e456a825d7147c0b7617584b6

SHA1
c20f380ba68814e2edb9516afbda6df84dab62fb

SHA256
ef7117da9b0534897d782b8034407936a5b6eea8733d10466b851a2ccfe1c41e

SHA512
dcaf3bf25cfd95391d9e2b1825f79506973b296b2b90d071241eeaa932e940d1cac6df72bea7668d9399bbaed3b197be577e3573d1253cfac4f10fb256c931c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe

Filesize
468KB

MD5
9525790c365011dc0b727deb37df18c2

SHA1
c91daa284d7b528f7aaf7f02bc952be29c823462

SHA256
4ed30ed33a77493c3761a315e29fb7eb5c29652e8e319b37184fb4dfbf900afe

SHA512
2c9ec59151d1834a98f7e44e8122bd2e884d46bdcaeb39ac081208bda117c1dc1386fb8d40cd62f440076c85d0e60df87562254d1436f09eeda0ad293ed1facb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe

Filesize
468KB

MD5
dd4a8abb3e9e99f35c98b210f6d6e8a3

SHA1
0ca805a9d344c262175f9b19abcf5f96931ffa96

SHA256
d6758fc7bbdb4f8e27f0347975e60b4c73bf7042aba3bf1a0c815a78f6433bc1

SHA512
e3ac52c8e6a912dc54050de20c72d8dd6ad58de9b95c07c6c96222743baa0e19d5e585fe8b8c9ddc41a1178d13c84060701bd536b114e78164e9981e45f735bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe

Filesize
468KB

MD5
d870c048ff0957055b2d9980f97f6200

SHA1
fe806fc9ce2fa1b68f2bb7db1e66da8020a967c8

SHA256
30ab78a89c47e265b4f88f0e34e88bdcb48d039d4a5a21eabc18c6db7858c6ac

SHA512
c0b4c1447549d4106a393e1a3e2a31bb66af6bd7646883bde71282cd8d4336b1153764a89e063d46d5bef07984af3cf69f41cf2dea5c6d9f4892e04c726f56b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59532.exe

Filesize
468KB

MD5
a84611fae085eaf271edf9e8919d93b9

SHA1
c20b411ecaf371f60a37bac4f381171740f6e8bd

SHA256
ac56f369141d0841d2c25189d20f6a7d367bb6804715a8f0349faca5967d08b1

SHA512
cccbc9583f2c880d45b53b65b064d94e1826c471a2a5b0f74d49ca45d4a8e7b445c7ad9dae4bda5331fa1ee842c549165f2e08be1ea25937fb75d0455de3040f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe

Filesize
468KB

MD5
6a1c155f26cfac77d203f0881405afdd

SHA1
b3198ddd2e90a070408642a4dcdc9b109aee9bd3

SHA256
6d186fb7867c6b70c34bb2a5d3b7566080545e43d4c41853fdfba36c5d091e4a

SHA512
11e4b40515b82cbd541ab42637286984fa56c8ab6dfb7951be90f505df7c90d1a4ad57dd818c0afc40e75c4c4f72984e96cfb2bc1e1172c666fb8cadf4c7dd9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe

Filesize
468KB

MD5
5558a0354fcc7fe93269d11b4eea55ee

SHA1
d3f89d4e6f1d20fde542e1eaea6053a0b98f658a

SHA256
f73aceee5c06851790c469c02045047c23ec521e72134cd23520b74ef93a50ca

SHA512
7edcd09b50739366c80e274c4ebb3ac12f28e49958f3dc527dc27e4c08a7ffb9e686bbc921df3d11f29b0d5165c7b386e3907a83ed9932cc9ee7db7e42d1fe2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe

Filesize
468KB

MD5
df01478d335cc6506cc647474769a7ec

SHA1
4d1fca7c6181f5c5e1485e86b5ae7b88627fdbc1

SHA256
a177f165b62907cb141867c06202873b550489464fc7535b135d9a368a7f19cd

SHA512
e5a8e28a555cb7a56e7d998125e2bb072a6493a8a9b3e82bed4f54146f4b4693206f3dd781c16d7648905d0d412e3d0963b730c9a89686745880388355caa80a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe

Filesize
468KB

MD5
b9368f3552e7a412e3b7b82543e3ff67

SHA1
439122f877a8a78c5e19e86730aa586a62e18c77

SHA256
5014e94b9911a24b5d320c90e985d14198e3720011466921b0b421a478645718

SHA512
e692fb595fabeca310577249c90d4b140b120e01ffc1e2a91347574dd9573bea7343914e164a0d94cd3797d91bce35aaa3d334e3bc015c73787166cd8b78d027

Download Submit