dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933

Analysis

max time kernel
149s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
Size

468KB
MD5

a3802b99257a69d299afa69f75930740
SHA1

5f8d870ecdca14b432deeb3966f5f0546d9856df
SHA256

dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933
SHA512

bcd6cd5b56b23943e9880de0c71cf50664e07747969a5733a007f976e42f20b4ab6066380a2bbfd85ba1d57a12cf5e06f2b537c548742afc4521321cd5192fed
SSDEEP

3072:1U3/og3KIE5TtbYfHOxccf8/uC5dPLpknSHRK6Znih0L3dkSrUlT:1Uvo8MTtQHiccfe1BDihONkSr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2152	Unicorn-10737.exe
4956	Unicorn-57966.exe
4320	Unicorn-12527.exe
3012	Unicorn-57494.exe
4604	Unicorn-16462.exe
1092	Unicorn-6247.exe
4004	Unicorn-53965.exe
4836	Unicorn-59414.exe
1124	Unicorn-4083.exe
4036	Unicorn-13228.exe
4512	Unicorn-46705.exe
1732	Unicorn-1853.exe
5008	Unicorn-35080.exe
3588	Unicorn-50390.exe
3744	Unicorn-9165.exe
972	Unicorn-54837.exe
4124	Unicorn-32907.exe
4812	Unicorn-21972.exe
1588	Unicorn-37489.exe
2380	Unicorn-17888.exe
4368	Unicorn-31623.exe
1972	Unicorn-41838.exe
2632	Unicorn-40250.exe
3860	Unicorn-44889.exe
1276	Unicorn-16322.exe
1768	Unicorn-16322.exe
2816	Unicorn-32658.exe
3780	Unicorn-48994.exe
3580	Unicorn-48994.exe
3596	Unicorn-5915.exe
1196	Unicorn-57717.exe
3716	Unicorn-63284.exe
4264	Unicorn-43948.exe
4060	Unicorn-3612.exe
2032	Unicorn-60484.exe
4448	Unicorn-13581.exe
4888	Unicorn-27871.exe
3076	Unicorn-54100.exe
4896	Unicorn-22482.exe
1728	Unicorn-18952.exe
4512	Unicorn-31802.exe
1232	Unicorn-56114.exe
4204	Unicorn-53374.exe
4720	Unicorn-89.exe
4976	Unicorn-89.exe
3320	Unicorn-4728.exe
1076	Unicorn-24594.exe
2136	Unicorn-64557.exe
5100	Unicorn-53182.exe
5024	Unicorn-44749.exe
2308	Unicorn-36083.exe
1628	Unicorn-61118.exe
3244	Unicorn-3716.exe
1444	Unicorn-44052.exe
1592	Unicorn-49653.exe
4500	Unicorn-59304.exe
4960	Unicorn-32186.exe
1900	Unicorn-1412.exe
3872	Unicorn-37614.exe
1972	Unicorn-29446.exe
3288	Unicorn-53685.exe
540	Unicorn-26330.exe
2680	Unicorn-9793.exe
5000	Unicorn-46228.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1956	4604	WerFault.exe	100
1272	4956	WerFault.exe	93
5076	4604	WerFault.exe	100
3564	4956	WerFault.exe	93
4308	4036	WerFault.exe	105
3076	4512	WerFault.exe	106
320	1124	WerFault.exe	104
1088	4512	WerFault.exe	106
4920	1124	WerFault.exe	104
396	4036	WerFault.exe	105
4244	1972	WerFault.exe	129
4852	4368	WerFault.exe	128
4604	2380	WerFault.exe	127
4164	4004	WerFault.exe	102
4804	1972	WerFault.exe	129
244	4368	WerFault.exe	128
5064	2380	WerFault.exe	127
4816	4004	WerFault.exe	102
4340	3860	WerFault.exe	141
1192	3860	WerFault.exe	141
4028	3596	WerFault.exe	152
2148	972	WerFault.exe	122
4052	4124	WerFault.exe	124
1000	3580	WerFault.exe	147
1432	972	WerFault.exe	122
2164	3580	WerFault.exe	147
5088	4124	WerFault.exe	124
1140	3596	WerFault.exe	152
5652	4720	WerFault.exe	183
4420	920	WerFault.exe	215
4780	4264	WerFault.exe	154
5188	1628	WerFault.exe	193
1484	4264	WerFault.exe	154
5992	3356	WerFault.exe	237
1944	920	WerFault.exe	215
8556	5952	WerFault.exe	282
5416	2308	WerFault.exe	192
6584	540	WerFault.exe	209
5660	6708	WerFault.exe	383
9112	3716	WerFault.exe	153
8816	1276	WerFault.exe	142
9332	4060	WerFault.exe	155
9448	1116	WerFault.exe	216
9620	448	WerFault.exe	327
9756	3564	WerFault.exe	247
9764	4852	WerFault.exe	242
9824	4548	WerFault.exe	235
9804	5052	WerFault.exe	246
9560	3800	WerFault.exe	231
9552	7324	WerFault.exe	450
9532	7176	WerFault.exe	444
9440	4896	WerFault.exe	178
9324	6276	WerFault.exe	361
9300	1728	WerFault.exe	179
9276	6424	WerFault.exe	369
9268	2368	WerFault.exe	354
9260	6524	WerFault.exe	374
9252	6556	WerFault.exe	402
9244	5440	WerFault.exe	410
9236	6508	WerFault.exe	372
9228	6788	WerFault.exe	387
9220	6908	WerFault.exe	390
5588	1592	WerFault.exe	196
460	2136	WerFault.exe	187

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-89.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37334.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2152	Unicorn-10737.exe
4956	Unicorn-57966.exe
4320	Unicorn-12527.exe
4004	Unicorn-53965.exe
3012	Unicorn-57494.exe
1092	Unicorn-6247.exe
4604	Unicorn-16462.exe
4836	Unicorn-59414.exe
1124	Unicorn-4083.exe
4036	Unicorn-13228.exe
4512	Unicorn-46705.exe
1732	Unicorn-1853.exe
5008	Unicorn-35080.exe
3588	Unicorn-50390.exe
972	Unicorn-54837.exe
3744	Unicorn-9165.exe
4124	Unicorn-32907.exe
2380	Unicorn-17888.exe
4368	Unicorn-31623.exe
1972	Unicorn-41838.exe
1588	Unicorn-37489.exe
4812	Unicorn-21972.exe
2632	Unicorn-40250.exe
3860	Unicorn-44889.exe
1276	Unicorn-16322.exe
1768	Unicorn-16322.exe
2816	Unicorn-32658.exe
2032	Unicorn-60484.exe
4060	Unicorn-3612.exe
1196	Unicorn-57717.exe
3580	Unicorn-48994.exe
4264	Unicorn-43948.exe
3780	Unicorn-48994.exe
3716	Unicorn-63284.exe
3596	Unicorn-5915.exe
4448	Unicorn-13581.exe
4888	Unicorn-27871.exe
3076	Unicorn-54100.exe
4896	Unicorn-22482.exe
1728	Unicorn-18952.exe
4512	Unicorn-31802.exe
1232	Unicorn-56114.exe
4204	Unicorn-53374.exe
3320	Unicorn-4728.exe
4720	Unicorn-89.exe
4976	Unicorn-89.exe
1076	Unicorn-24594.exe
2136	Unicorn-64557.exe
1444	Unicorn-44052.exe
2308	Unicorn-36083.exe
4500	Unicorn-59304.exe
3244	Unicorn-3716.exe
1628	Unicorn-61118.exe
5100	Unicorn-53182.exe
1592	Unicorn-49653.exe
5024	Unicorn-44749.exe
1972	Unicorn-29446.exe
4960	Unicorn-32186.exe
3872	Unicorn-37614.exe
540	Unicorn-26330.exe
1900	Unicorn-1412.exe
3288	Unicorn-53685.exe
2680	Unicorn-9793.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 2152	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	90
PID 3192 wrote to memory of 2152	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	90
PID 3192 wrote to memory of 2152	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	90
PID 2152 wrote to memory of 4956	2152	Unicorn-10737.exe	93
PID 2152 wrote to memory of 4956	2152	Unicorn-10737.exe	93
PID 2152 wrote to memory of 4956	2152	Unicorn-10737.exe	93
PID 3192 wrote to memory of 4320	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	94
PID 3192 wrote to memory of 4320	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	94
PID 3192 wrote to memory of 4320	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	94
PID 4956 wrote to memory of 3012	4956	Unicorn-57966.exe	99
PID 4956 wrote to memory of 3012	4956	Unicorn-57966.exe	99
PID 4956 wrote to memory of 3012	4956	Unicorn-57966.exe	99
PID 4320 wrote to memory of 4604	4320	Unicorn-12527.exe	100
PID 4320 wrote to memory of 4604	4320	Unicorn-12527.exe	100
PID 4320 wrote to memory of 4604	4320	Unicorn-12527.exe	100
PID 3192 wrote to memory of 1092	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	101
PID 3192 wrote to memory of 1092	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	101
PID 3192 wrote to memory of 1092	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	101
PID 2152 wrote to memory of 4004	2152	Unicorn-10737.exe	102
PID 2152 wrote to memory of 4004	2152	Unicorn-10737.exe	102
PID 2152 wrote to memory of 4004	2152	Unicorn-10737.exe	102
PID 4004 wrote to memory of 4836	4004	Unicorn-53965.exe	103
PID 4004 wrote to memory of 4836	4004	Unicorn-53965.exe	103
PID 4004 wrote to memory of 4836	4004	Unicorn-53965.exe	103
PID 2152 wrote to memory of 1124	2152	Unicorn-10737.exe	104
PID 2152 wrote to memory of 1124	2152	Unicorn-10737.exe	104
PID 2152 wrote to memory of 1124	2152	Unicorn-10737.exe	104
PID 1092 wrote to memory of 4036	1092	Unicorn-6247.exe	105
PID 1092 wrote to memory of 4036	1092	Unicorn-6247.exe	105
PID 1092 wrote to memory of 4036	1092	Unicorn-6247.exe	105
PID 3192 wrote to memory of 4512	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	106
PID 3192 wrote to memory of 4512	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	106
PID 3192 wrote to memory of 4512	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	106
PID 3012 wrote to memory of 1732	3012	Unicorn-57494.exe	107
PID 3012 wrote to memory of 1732	3012	Unicorn-57494.exe	107
PID 3012 wrote to memory of 1732	3012	Unicorn-57494.exe	107
PID 4320 wrote to memory of 5008	4320	Unicorn-12527.exe	111
PID 4320 wrote to memory of 5008	4320	Unicorn-12527.exe	111
PID 4320 wrote to memory of 5008	4320	Unicorn-12527.exe	111
PID 4836 wrote to memory of 3588	4836	Unicorn-59414.exe	119
PID 4836 wrote to memory of 3588	4836	Unicorn-59414.exe	119
PID 4836 wrote to memory of 3588	4836	Unicorn-59414.exe	119
PID 5008 wrote to memory of 3744	5008	Unicorn-35080.exe	120
PID 5008 wrote to memory of 3744	5008	Unicorn-35080.exe	120
PID 5008 wrote to memory of 3744	5008	Unicorn-35080.exe	120
PID 4004 wrote to memory of 972	4004	Unicorn-53965.exe	122
PID 4004 wrote to memory of 972	4004	Unicorn-53965.exe	122
PID 4004 wrote to memory of 972	4004	Unicorn-53965.exe	122
PID 3192 wrote to memory of 4124	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	124
PID 3192 wrote to memory of 4124	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	124
PID 3192 wrote to memory of 4124	3192	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	124
PID 3012 wrote to memory of 4812	3012	Unicorn-57494.exe	125
PID 3012 wrote to memory of 4812	3012	Unicorn-57494.exe	125
PID 3012 wrote to memory of 4812	3012	Unicorn-57494.exe	125
PID 2152 wrote to memory of 1588	2152	Unicorn-10737.exe	126
PID 2152 wrote to memory of 1588	2152	Unicorn-10737.exe	126
PID 2152 wrote to memory of 1588	2152	Unicorn-10737.exe	126
PID 1092 wrote to memory of 2380	1092	Unicorn-6247.exe	127
PID 1092 wrote to memory of 2380	1092	Unicorn-6247.exe	127
PID 1092 wrote to memory of 2380	1092	Unicorn-6247.exe	127
PID 4320 wrote to memory of 4368	4320	Unicorn-12527.exe	128
PID 4320 wrote to memory of 4368	4320	Unicorn-12527.exe	128
PID 4320 wrote to memory of 4368	4320	Unicorn-12527.exe	128
PID 1732 wrote to memory of 1972	1732	Unicorn-1853.exe	129

C:\Users\Admin\AppData\Local\Temp\dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
"C:\Users\Admin\AppData\Local\Temp\dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 640
        7⤵
        Program crash
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 640
        7⤵
        Program crash
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        8⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        9⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        11⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        12⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16414.exe
        13⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
        13⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26568.exe
        12⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 636
        12⤵
        
        PID:13940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 716
        11⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 716
        11⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        10⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        11⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 744
        10⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        9⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 636
        10⤵
        Program crash
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 636
        10⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 724
        9⤵
        Program crash
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        9⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
        10⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
        10⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        9⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        10⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        10⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        9⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
        9⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        9⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 508
        8⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
        9⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 636
        10⤵
        Program crash
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        9⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
        10⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        10⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
        10⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 656
        9⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25400.exe
        8⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 640
        9⤵
        Program crash
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 660
        8⤵
        Program crash
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        7⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 636
        8⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 624
        7⤵
        Program crash
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        6⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 628
        7⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-531.exe
        6⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 636
        6⤵
        Program crash
        
        PID:4028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 632
        6⤵
        Program crash
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53042.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        8⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 644
        9⤵
        Program crash
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27720.exe
        8⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 656
        8⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
        8⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        9⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        9⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        8⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        9⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        9⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
        8⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        8⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        7⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 636
        8⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
        7⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
        7⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        7⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 636
        8⤵
        Program crash
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
        8⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 664
        7⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        7⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30653.exe
        6⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27405.exe
        8⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
        7⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        7⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        6⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        7⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54337.exe
        6⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        5⤵
        
        PID:6432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 636
        6⤵
        
        PID:8920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 636
        6⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe
        5⤵
        
        PID:7680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 724
        6⤵
        
        PID:13040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 508
        5⤵
        
        PID:12800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 748
      4⤵
      Program crash
      PID:1272
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 748
      4⤵
      Program crash
      PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50390.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40250.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32186.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        9⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        8⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
        9⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
        10⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        10⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21363.exe
        9⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        10⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        11⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
        10⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        9⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
        8⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 632
        8⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        7⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 636
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61276.exe
        7⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 616
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        7⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        8⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 628
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
        8⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 632
        8⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 636
        10⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        9⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        10⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 632
        10⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 724
        9⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        8⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 636
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        8⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
        9⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        9⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38193.exe
        8⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
        9⤵
        
        PID:14676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 740
        8⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        7⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 636
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        7⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 636
        8⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 636
        8⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        8⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        7⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14233.exe
        9⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        10⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55157.exe
        10⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        11⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44736.exe
        10⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
        9⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58406.exe
        10⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
        10⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30319.exe
        9⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        8⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24787.exe
        8⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        8⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 712
        7⤵
        Program crash
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
        6⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
        6⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 724
        7⤵
        
        PID:232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        6⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe
        7⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
        6⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 720
        6⤵
        Program crash
        
        PID:4340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 720
        6⤵
        Program crash
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37614.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        9⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 640
        10⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
        9⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        9⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        10⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        9⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        9⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
        8⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        10⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
        10⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
        9⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        10⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 664
        8⤵
        Program crash
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
        7⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 644
        8⤵
        Program crash
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20111.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57845.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        7⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        9⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        9⤵
        
        PID:15036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 632
        8⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 632
        8⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
        8⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8104.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57358.exe
        7⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        7⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        6⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        7⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6396.exe
        5⤵
        
        PID:6372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 636
        6⤵
        
        PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe
        5⤵
        
        PID:5888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 624
        6⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10883.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56834.exe
        6⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        5⤵
        
        PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 632
        6⤵
        Program crash
        
        PID:1000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 676
        6⤵
        Program crash
        
        PID:2164
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 748
        5⤵
        Program crash
        
        PID:2148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 772
        5⤵
        Program crash
        
        PID:1432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 752
      4⤵
      Program crash
      PID:4164
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 780
      4⤵
      Program crash
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 636
      4⤵
      Program crash
      PID:320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 632
      4⤵
      Program crash
      PID:4920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3763.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
        6⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 636
        7⤵
        Program crash
        
        PID:9268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 752
        6⤵
        Program crash
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        5⤵
        Executes dropped EXE
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 712
        6⤵
        Program crash
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        5⤵
        
        PID:6776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 636
        6⤵
        
        PID:3208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 720
        5⤵
        Program crash
        
        PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45694.exe
        6⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22594.exe
        7⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 632
        8⤵
        Program crash
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
        7⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 632
        7⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-948.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        7⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 640
        8⤵
        
        PID:15312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 656
        7⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
        6⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29558.exe
        6⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
        7⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        6⤵
        
        PID:13992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 716
        5⤵
        Program crash
        
        PID:9300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        5⤵
        
        PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
        5⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        6⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55873.exe
        5⤵
        
        PID:8820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 640
        6⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
        5⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        5⤵
        
        PID:14528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
      4⤵
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
      4⤵
      PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
      4⤵
      PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
      4⤵
      PID:11060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        9⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 668
        9⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 668
        9⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        8⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        8⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 628
        7⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        5⤵
        
        PID:6936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 644
        6⤵
        
        PID:4052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 740
        5⤵
        Program crash
        
        PID:460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
        5⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40148.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        6⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        6⤵
        
        PID:10216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 660
        6⤵
        
        PID:14068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 760
        5⤵
        Program crash
        
        PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
      4⤵
      PID:6308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 648
        5⤵
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
      4⤵
      PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        5⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        6⤵
        
        PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
      4⤵
      PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
        5⤵
        
        PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
      4⤵
      PID:14288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29498.exe
      4⤵
      PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        5⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50046.exe
        6⤵
        
        PID:11672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 656
        5⤵
        
        PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
      4⤵
      PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        5⤵
        
        PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
      4⤵
      PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
        5⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
      4⤵
      PID:10372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
    3⤵
    PID:6424
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 636
      4⤵
      Program crash
      PID:9276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
    3⤵
    PID:8440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
    3⤵
    PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
      4⤵
      PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1628.exe
    3⤵
    PID:13392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
    3⤵
    PID:14164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4604
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 724
      4⤵
      Program crash
      PID:1956
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 740
      4⤵
      Program crash
      PID:5076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
        8⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        9⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 724
        10⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
        9⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        9⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        9⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        9⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        9⤵
        
        PID:15092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 512
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
        9⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        10⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        11⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
        11⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        10⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
        11⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        10⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        9⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        9⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        9⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        8⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57934.exe
        9⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
        9⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 636
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        8⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 640
        9⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57689.exe
        7⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 636
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        7⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        7⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
        6⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 720
        7⤵
        Program crash
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 740
        7⤵
        Program crash
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        6⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 644
        7⤵
        
        PID:5612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 752
        6⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        9⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        10⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        11⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17331.exe
        10⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 656
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        9⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        10⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        9⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        10⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        8⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        8⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        9⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20164.exe
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe
        9⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6148.exe
        9⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        9⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        9⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
        9⤵
        
        PID:15164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 676
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        8⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        9⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        7⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46235.exe
        6⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 636
        7⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        7⤵
        
        PID:14716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 504
        6⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29402.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42002.exe
        7⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 636
        8⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 656
        7⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
        6⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        7⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        7⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        6⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        5⤵
        
        PID:6560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 644
        6⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        5⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe
        5⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
        6⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        5⤵
        
        PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        5⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61210.exe
        6⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        9⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 636
        9⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 656
        8⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        7⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 640
        8⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        8⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54644.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        7⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        6⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 644
        7⤵
        
        PID:3608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 724
        6⤵
        Program crash
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        5⤵
        
        PID:6060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 636
        6⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42587.exe
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23948.exe
        6⤵
        
        PID:13548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 508
        5⤵
        
        PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53626.exe
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60886.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
        8⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        8⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
        8⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        7⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        6⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 656
        7⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        6⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        7⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54685.exe
        6⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
        5⤵
        
        PID:5440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 640
        6⤵
        Program crash
        
        PID:9244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 668
        5⤵
        Program crash
        
        PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
        6⤵
        
        PID:8560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 632
        5⤵
        
        PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
      4⤵
      PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
        5⤵
        
        PID:11392
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 632
        5⤵
        
        PID:14012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48174.exe
      4⤵
      PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        5⤵
        
        PID:9752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
      4⤵
      PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
      4⤵
      PID:14672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4368
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 728
      4⤵
      Program crash
      PID:4852
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 728
      4⤵
      Program crash
      PID:244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53374.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        6⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        8⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43222.exe
        9⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        9⤵
        
        PID:15112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 664
        8⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39206.exe
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        7⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        6⤵
        
        PID:7568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 756
        6⤵
        
        PID:11528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
      4⤵
      PID:4624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 628
        5⤵
        
        PID:9052
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 648
      4⤵
      Program crash
      PID:9332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
      4⤵
      PID:3356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 636
        5⤵
        Program crash
        
        PID:5992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 716
      4⤵
      Program crash
      PID:5416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56061.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2849.exe
    3⤵
    PID:6524
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 640
      4⤵
      Program crash
      PID:9260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
    3⤵
    PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
      4⤵
      PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
      4⤵
      PID:14884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22844.exe
    3⤵
    PID:10320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exe
    3⤵
    PID:13432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4036
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 724
      4⤵
      Program crash
      PID:4308
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 748
      4⤵
      Program crash
      PID:396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2380
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 632
      4⤵
      Program crash
      PID:4604
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 632
      4⤵
      Program crash
      PID:5064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        8⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
        9⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 636
        10⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        9⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        9⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50445.exe
        8⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 652
        8⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32660.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        8⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
        8⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        8⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
        7⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6449.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        8⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        9⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        8⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        7⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        6⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 720
        7⤵
        
        PID:14900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 748
        6⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
        6⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        8⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 724
        8⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        7⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
        8⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28576.exe
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        7⤵
        
        PID:11444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 512
        6⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9329.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        7⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        6⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
        7⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        6⤵
        
        PID:1480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 632
        6⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        5⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        6⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
        5⤵
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
      4⤵
      PID:6264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 644
        5⤵
        
        PID:5896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 636
      4⤵
      Program crash
      PID:9112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44749.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
      4⤵
      PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        5⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25734.exe
        7⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        6⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
        5⤵
        
        PID:5708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 708
        5⤵
        
        PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
      4⤵
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        5⤵
        
        PID:6708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 728
        6⤵
        Program crash
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        5⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        6⤵
        
        PID:15044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 728
        5⤵
        
        PID:11384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        6⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 644
        7⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46029.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
        6⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        5⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        6⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        5⤵
        
        PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
      4⤵
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51758.exe
        5⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        6⤵
        
        PID:5364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 720
        6⤵
        
        PID:13348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 720
        6⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        6⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
      4⤵
      PID:7624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 636
        5⤵
        
        PID:13368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
      4⤵
      PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
      4⤵
      PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
      4⤵
      PID:7572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
    3⤵
    PID:6244
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 640
      4⤵
      PID:4468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
    3⤵
    PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
      4⤵
      PID:11816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
      4⤵
      PID:14516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
    3⤵
    PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
      4⤵
      PID:14340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25164.exe
    3⤵
    PID:13420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
    3⤵
    PID:6652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 636
    3⤵
    - Program crash
    PID:3076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 656
    3⤵
    - Program crash
    PID:1088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4720
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 640
        5⤵
        Program crash
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26691.exe
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18702.exe
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
        6⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36014.exe
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        8⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        7⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        6⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        6⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        7⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        6⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
        5⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe
        5⤵
        
        PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
      4⤵
      PID:7228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 504
      4⤵
      PID:12776
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 756
    3⤵
    - Program crash
    PID:4052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 716
    3⤵
    - Program crash
    PID:5088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53182.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
      4⤵
      PID:1884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 744
    3⤵
    - Program crash
    PID:4780
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 764
    3⤵
    - Program crash
    PID:1484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1628
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 632
    3⤵
    - Program crash
    PID:5188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
  2⤵
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
    3⤵
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54970.exe
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        5⤵
        
        PID:7012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 664
        5⤵
        
        PID:12816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 636
      4⤵
      Program crash
      PID:9620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
    3⤵
    PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
      4⤵
      PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
        5⤵
        
        PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
      4⤵
      PID:14128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
    3⤵
    PID:8924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
    3⤵
    PID:7912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
    3⤵
    PID:13204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
  2⤵
  PID:5760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 724
    3⤵
    PID:8812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
  2⤵
  PID:7692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
    3⤵
    PID:11848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
  2⤵
  PID:10028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
  2⤵
  PID:12428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
  2⤵
  PID:14756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4604 -ip 4604
1⤵
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4956 -ip 4956
1⤵
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4604 -ip 4604
1⤵
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4956 -ip 4956
1⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4036 -ip 4036
1⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4512 -ip 4512
1⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1124 -ip 1124
1⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4036 -ip 4036
1⤵
PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1124 -ip 1124
1⤵
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4512 -ip 4512
1⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1972 -ip 1972
1⤵
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4368 -ip 4368
1⤵
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2380 -ip 2380
1⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1732 -ip 1732
1⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4004 -ip 4004
1⤵
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1732 -ip 1732
1⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1972 -ip 1972
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2380 -ip 2380
1⤵
PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4368 -ip 4368
1⤵
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4004 -ip 4004
1⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3860 -ip 3860
1⤵
PID:2280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3860 -ip 3860
1⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3580 -ip 3580
1⤵
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3596 -ip 3596
1⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 972 -ip 972
1⤵
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4124 -ip 4124
1⤵
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 972 -ip 972
1⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3596 -ip 3596
1⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3580 -ip 3580
1⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4124 -ip 4124
1⤵
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1076 -ip 1076
1⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1628 -ip 1628
1⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4720 -ip 4720
1⤵
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1444 -ip 1444
1⤵
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1628 -ip 1628
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1076 -ip 1076
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1196 -ip 1196
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4264 -ip 4264
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4720 -ip 4720
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 920 -ip 920
1⤵
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1444 -ip 1444
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1820 -ip 1820
1⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1232 -ip 1232
1⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4204 -ip 4204
1⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2816 -ip 2816
1⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 1196 -ip 1196
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 1820 -ip 1820
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1232 -ip 1232
1⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4204 -ip 4204
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 2816 -ip 2816
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4264 -ip 4264
1⤵
PID:1000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3356 -ip 3356
1⤵
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 920 -ip 920
1⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 1892 -ip 1892
1⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 452 -ip 452
1⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 372 -ip 372
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 1884 -ip 1884
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5216 -ip 5216
1⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 452 -ip 452
1⤵
PID:508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1892 -ip 1892
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 372 -ip 372
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1884 -ip 1884
1⤵
PID:1068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5404 -ip 5404
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5352 -ip 5352
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5448 -ip 5448
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5268 -ip 5268
1⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5912 -ip 5912
1⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6024 -ip 6024
1⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5808 -ip 5808
1⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5300 -ip 5300
1⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5480 -ip 5480
1⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5124 -ip 5124
1⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5420 -ip 5420
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5784 -ip 5784
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5820 -ip 5820
1⤵
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5432 -ip 5432
1⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 908 -ip 908
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5924 -ip 5924
1⤵
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5160 -ip 5160
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5332 -ip 5332
1⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5636 -ip 5636
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5680 -ip 5680
1⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5952 -ip 5952
1⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6048 -ip 6048
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5568 -ip 5568
1⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5216 -ip 5216
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 2308 -ip 2308
1⤵
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 1900 -ip 1900
1⤵
PID:1068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 540 -ip 540
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3288 -ip 3288
1⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4960 -ip 4960
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4448 -ip 4448
1⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5100 -ip 5100
1⤵
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 1644 -ip 1644
1⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5352 -ip 5352
1⤵
PID:1300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2680 -ip 2680
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5000 -ip 5000
1⤵
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3204 -ip 3204
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4920 -ip 4920
1⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5024 -ip 5024
1⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5404 -ip 5404
1⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5176 -ip 5176
1⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5268 -ip 5268
1⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6052 -ip 6052
1⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6020 -ip 6020
1⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5580 -ip 5580
1⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5912 -ip 5912
1⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5448 -ip 5448
1⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6024 -ip 6024
1⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5300 -ip 5300
1⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5808 -ip 5808
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5480 -ip 5480
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5784 -ip 5784
1⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 5124 -ip 5124
1⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5420 -ip 5420
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5820 -ip 5820
1⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 908 -ip 908
1⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5924 -ip 5924
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5432 -ip 5432
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 5332 -ip 5332
1⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 5636 -ip 5636
1⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5160 -ip 5160
1⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5680 -ip 5680
1⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6048 -ip 6048
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 5952 -ip 5952
1⤵
PID:1308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 5568 -ip 5568
1⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 2308 -ip 2308
1⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1900 -ip 1900
1⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 4960 -ip 4960
1⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 540 -ip 540
1⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4448 -ip 4448
1⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 3288 -ip 3288
1⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 1644 -ip 1644
1⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5100 -ip 5100
1⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5000 -ip 5000
1⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 4920 -ip 4920
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 2680 -ip 2680
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3204 -ip 3204
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 5024 -ip 5024
1⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5176 -ip 5176
1⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6052 -ip 6052
1⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6020 -ip 6020
1⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5580 -ip 5580
1⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6708 -ip 6708
1⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6560 -ip 6560
1⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1076 -ip 1076
1⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6264 -ip 6264
1⤵
PID:1380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5760 -ip 5760
1⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6308 -ip 6308
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2372 -ip 2372
1⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6776 -ip 6776
1⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6640 -ip 6640
1⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6936 -ip 6936
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 6256 -ip 6256
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 6484 -ip 6484
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 6060 -ip 6060
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6300 -ip 6300
1⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6432 -ip 6432
1⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6372 -ip 6372
1⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 4624 -ip 4624
1⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6696 -ip 6696
1⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5184 -ip 5184
1⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6612 -ip 6612
1⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3716 -ip 3716
1⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 1768 -ip 1768
1⤵
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5236 -ip 5236
1⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6244 -ip 6244
1⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6628 -ip 6628
1⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6468 -ip 6468
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6928 -ip 6928
1⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 6424 -ip 6424
1⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 2368 -ip 2368
1⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6524 -ip 6524
1⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6556 -ip 6556
1⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5440 -ip 5440
1⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6508 -ip 6508
1⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6788 -ip 6788
1⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6908 -ip 6908
1⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 1276 -ip 1276
1⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1592 -ip 1592
1⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2136 -ip 2136
1⤵
PID:1780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6276 -ip 6276
1⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 4060 -ip 4060
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 1728 -ip 1728
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3356 -ip 3356
1⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4896 -ip 4896
1⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 1116 -ip 1116
1⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 7176 -ip 7176
1⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7324 -ip 7324
1⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3800 -ip 3800
1⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3564 -ip 3564
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4852 -ip 4852
1⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5052 -ip 5052
1⤵
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 4548 -ip 4548
1⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 448 -ip 448
1⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 7976 -ip 7976
1⤵
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5876 -ip 5876
1⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6344 -ip 6344
1⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 2436 -ip 2436
1⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5984 -ip 5984
1⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 5252 -ip 5252
1⤵
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5292 -ip 5292
1⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5972 -ip 5972
1⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 1224 -ip 1224
1⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5764 -ip 5764
1⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 7016 -ip 7016
1⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6900 -ip 6900
1⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2800 -ip 2800
1⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4500 -ip 4500
1⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 3320 -ip 3320
1⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3224 -ip 3224
1⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5848 -ip 5848
1⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3780 -ip 3780
1⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 1512 -ip 1512
1⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 1972 -ip 1972
1⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 3012 -ip 3012
1⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4180 -ip 4180
1⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6740 -ip 6740
1⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5628 -ip 5628
1⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1404 -ip 1404
1⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 7488 -ip 7488
1⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7508 -ip 7508
1⤵
PID:804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 7712 -ip 7712
1⤵
PID:13872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7260 -ip 7260
1⤵
PID:13880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 7772 -ip 7772
1⤵
PID:13888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7828 -ip 7828
1⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 7684 -ip 7684
1⤵
PID:14032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 7536 -ip 7536
1⤵
PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 7624 -ip 7624
1⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 9124 -ip 9124
1⤵
PID:13412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5684 -ip 5684
1⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5816 -ip 5816
1⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 5212 -ip 5212
1⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 7452 -ip 7452
1⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 8820 -ip 8820
1⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 8684 -ip 8684
1⤵
PID:13964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6076 -ip 6076
1⤵
PID:13892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7568 -ip 7568
1⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5412 -ip 5412
1⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6368 -ip 6368
1⤵
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 4344 -ip 4344
1⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 6316 -ip 6316
1⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6652 -ip 6652
1⤵
PID:14720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 8924 -ip 8924
1⤵
PID:15004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 9040 -ip 9040
1⤵
PID:15252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5916 -ip 5916
1⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6668 -ip 6668
1⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4368 -ip 4368
1⤵
PID:13648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 5888 -ip 5888
1⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 372 -ip 372
1⤵
PID:14672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 9192 -ip 9192
1⤵
PID:14120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1376 -p 5708 -ip 5708
1⤵
PID:14368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 8784 -ip 8784
1⤵
PID:15060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 9072 -ip 9072
1⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5668 -ip 5668
1⤵
PID:14616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 2252 -ip 2252
1⤵
PID:14640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6188 -ip 6188
1⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 6752 -ip 6752
1⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7992 -ip 7992
1⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 6008 -ip 6008
1⤵
PID:14708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 7736 -ip 7736
1⤵
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5364 -ip 5364
1⤵
PID:13984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 9024 -ip 9024
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 7680 -ip 7680
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7116 -ip 7116
1⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 5268 -ip 5268
1⤵
PID:12240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe

Filesize
468KB

MD5
17d4b70a1a0177bfdbe4d670ddde957a

SHA1
48466fece32dfc348b455aa1378b1afb674beb2a

SHA256
e9f215100bb4ea223986da89b9e08f28f46d7e8c785a68899c5ef961c010ecc9

SHA512
57e2b7303c156f523d23f4f92a11a2ecb244c8d7e7e5aaaccc35c4e78c680307c7fe973fe5d05c4dde702d012867e7fe70c1c07606e44e7b87ddae19b4ebe405

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe

Filesize
468KB

MD5
b6a2a533d3f8872f600731f6de63a29f

SHA1
a8ef63a469218bcf61b95e65a72d3638c38d797e

SHA256
ec5e7da8df2fd7e0b8c70803b2f4a55c157a2f5ae08f02412b201fc4507e64a9

SHA512
a0307ed7b324ccd0374e42747df0c3361d1664e104ecb4ac9c8a45a97d847a4a0ddfe7c6adc19d59189def23061d65b495093b1a2bef2582799a4d4701ebbea3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe

Filesize
468KB

MD5
ce22ceebc7f706a61c07ce06fdd08df6

SHA1
dd4e8ed03069274ca6cb462b5f04fb71c5e60363

SHA256
fde3a723201d8be1288b6dbd16770d239fdeb48e4b2985166c1daf7b9c1e50e8

SHA512
a892d0e850f32837907598664afef37fb2f39025b77ff938dfb00a5db403e76661c14ae649d6457cbb3215c2fb546799c58a846cae7ac3c35c2a6f27cce3b43e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe

Filesize
468KB

MD5
b23e473081c2012a715cb1ee0d1e50d7

SHA1
dbc9cd13832234908a155c757c35a6ab63a61de1

SHA256
3ce8cb91dd11a56ffb2ab162d5a8a00049e1d3b4d36e36cf61b1f88c790013d2

SHA512
5794a03bb0787e50c85156334c58db0ec15e412417b60080d0482bc85806470e0635dc05a417bc784ba389ae2573db4fdf943661c127ca3ff9d3b1a22afa2439

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe

Filesize
468KB

MD5
63238e0d2c93f7826f5ba0e22f7a8809

SHA1
1b18fc2358a5434796d290d1d43fbbf28ff4984a

SHA256
73e8e4ba33cf20486fc52e217df158e9d4ea552a9d520464ae6c9743c09946ae

SHA512
ec33631d8e6cb288dfa6a3dbcc55780ff2877c495e6f3f0a73c0ea150e1bd8d9dd598138a63f57556694bcf28757e721c395603a4e0b99f5a9399f8aa69f1acd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe

Filesize
468KB

MD5
d85da413a77efa99f90df96fb94ef109

SHA1
649587c19cf2badf096984168e49bf16ca119466

SHA256
868d8a38c1addf9fa879c8c2270eac780eded7ffc6c5a1c07cb39157fa112b9a

SHA512
70db5414acd54a2dc792219acb94c247d1983d46387ea396c19659d181d9b7ec8f429d2df148061c19bff9ea54a134374b4a1add11324c304d7418b6e689ee86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe

Filesize
468KB

MD5
9acd0623e729bc7b152483304586b21b

SHA1
758545ee38708ad51e7f34e93d6a4595b6ddaad3

SHA256
2d5e090db073f3d2265b3d8df6e5366df8b175f35db25778131f66c020efd44a

SHA512
621f46ca8c7cc9fc31305a06a8cef3ae5013d082c800f5e2b37ccf61e7a8c62d0c6a54065cd7d816f5b4778f5c4284b9d2fc3df0ce756ab1b3dcff7b8091a603

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe

Filesize
468KB

MD5
777ac51dabc1905666e2db1dba7ef440

SHA1
bc7d11f92e6d64d950f15ac90744393f4c387674

SHA256
eff5b4db62112a6e7bf1d7d8255320325034eafd1c7e26639ab274cc2dc809e2

SHA512
e2e335807d9527c9c187e08e66b9aaec3a6be3f5416e8ce563bcb2b05ca8166e45bf9fa276fedd7b9f068d0ca1129500544491f6054f470bf7661f8bf26792c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe

Filesize
468KB

MD5
8533840fc91103964f01eb6dc965c3f1

SHA1
404860b3316a0da94fa44faf3b6cdceb9af01564

SHA256
2b2a98d3982e22cd32a5e659a63588af13ef03c442c840456817a38f893bb8e8

SHA512
1f9a60db332bb446875806105075ad50451bd58606edddc9071bd5f556f8458712d578e9e008e2cb6935204413b28acceb01b239842b8246d545eab103916bab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe

Filesize
468KB

MD5
4ee40b4481587c9d3ff73050a7c9431a

SHA1
5b737784e37964e31fec5c4f86eeeec175a06b7a

SHA256
37e3b258332d61bd3d5867c032f4b8ee75d5a5d63f240e55d8b8ea8b0add84c4

SHA512
ed7808fba81f72de102c003e8d896cb41d814cd01c53830ac9b12739f1645e48116bc7e4ac378c7ad65d0b75ad8fa4eda1e22d8c0bf3e4baf876f60e8832e7b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe

Filesize
468KB

MD5
c8432708add7aecc464e605e3592cf4d

SHA1
ea6ea710c4cbb5e3000844b851b42e708d8105c1

SHA256
d2318e7006c6ee876d93ded73bb22b72031cbd6c0c7477d45769c9b8413904c1

SHA512
fd9b7ff2c46dae920f508b6daa44abdfbf68b8e901c595f86c573b01f89cb2df7dfcb7b1fb6ca40f6c0e3971b2482f71e2d5116ea2bfa2012cdc623a1416c968

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe

Filesize
468KB

MD5
032ad07eff1e1bd072e028b98be01290

SHA1
30391269824bef0676098400a76d394c1dfc3399

SHA256
0605c448eddfdf734b1e4d39a48df19d4670b35c4aadcec32264afdd8783971f

SHA512
bc564fe16203ebc1bf3f444036abd0da412372119139156341dc46bb7f88ab75bed98c0db75388c653967a74ab8b28b11eae04bfa1ff4dc0c17668261c6dea0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe

Filesize
468KB

MD5
27ae5bf633f537924b27386264ad069e

SHA1
0f31c8a774de30b7674a40637b2e222e4c24bffc

SHA256
74df8f4e46a5b10587f0199f8a641786a31c2b3051d0cf335336fbc16168c0dc

SHA512
b4e3096587cfc2d963a5e544763fe3e022baab59de9c8f0af3dd8e39d1898370c43d840a0e6fd1a1549a83577663b2d3640fb7bb3752f3670be0466fe60de9e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40250.exe

Filesize
468KB

MD5
a74b0cf50c83e94d48df9df106a9a43a

SHA1
11a5b241e7e7a371c9e42f2b92b66cc8f5a2eaa8

SHA256
796c5f43678571e5aa20d8da9f766b6445168916e13e425a3ed4f0932c89dc2c

SHA512
568dafbc65bcc3089ac34f7158732e4f958304ee7c5008d27b1f18e0ba829b1204f0997c79b8c1df2eec067840b1d08e3012e90e7bc68cdf55dee1d7982504f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe

Filesize
468KB

MD5
06a99aa787b6705fe61700cafa78f2b1

SHA1
e96e8689df0393f9d7c162d4f5a73aabb54d3987

SHA256
07473aa12d74025c97871195eb9ab4c3aa06d6c3bb9c42c849ef4c7d84d2758b

SHA512
c00d8202aaa59219f35776fa14e2963078fb0b5405a408a2365df4426499001ed2af2339b85f449c118e993090f8494abdff61faa3413ec1aacba68e640d2e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe

Filesize
468KB

MD5
9d0275a02700fbed6c67e9d2c654b44f

SHA1
4c8e512cbe528bcd7b16980193f241afb958ee9d

SHA256
d2f6e730568a5644a1c9502ac5865d090aa343b3974e09ecf85cafea6da5b98d

SHA512
3bf9b5c0e5a7214adcce432beb3205b4c1628b36ae09e3a7ef1b99317c8f210fa0727131e4ec121f3474a992c11802ddfe60ed9c5fc21e040d92825494a417ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe

Filesize
468KB

MD5
67e208beceef1028043fc736a876fa19

SHA1
98ddcf297c62d7bb1ec7f6b0e2ff3341df3b3af5

SHA256
efbb19332589ff8315405328a8640d7932cd5a4d67706f2a1e2c28ae963724cd

SHA512
e87b2a4ce30c85e5d1b4e6376dd48d0715a4fadb6609ebe2cef33e7fa0ab5e8aa12e7f85a979aa4a9e909bc479d9185db6fa903448df9fad1cdc783ffff3f576

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe

Filesize
468KB

MD5
94d6b6b0e30c48f1ec85c09bb7261fa1

SHA1
1466fa8feaad9cb9a6501687e651adf83dbbc0cc

SHA256
e24813248af092ba32156758425b441e6b1c58cdc3ef9faa3b47c818cddfda17

SHA512
56801ba4d59477a8102ca3e820d820d2bddd7daf99cf5014365e860204f84b234e9067dcb50593f5c197a04f9bd344ea9e89643a05297cdcf32719a14b0b2a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe

Filesize
468KB

MD5
31f0fdea2a8c0c3a687c0d67ddda8819

SHA1
c10ebe46e45b91bd3ff9a9a63c54086a074b5aaa

SHA256
bdf235d7447946026247a7580f13f96113b78dc61c73191e9772643c57b40518

SHA512
b9905b3606cf9b81a6c9e1f2cb28955b04421f9720c5af4e4a4dc204a7b9897bf4565eaed1484bad958730f141071e0e74432dd88b2db8488019aa000cd87dd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50390.exe

Filesize
468KB

MD5
0a6bc73775c55042c7465f19b7e02825

SHA1
bdc678d8be512989ecfcb7f5021cbceddecfa920

SHA256
b68cc059ad703c86b078ca62fee6284693319496d619ea9d58c5d0eb8e725eca

SHA512
9309787c57d80e07a270ff83641788f2f7bb4fca28a108421ea6a467a41094602372a55d748e97a8eb0de924e68bfda68a613c892db93544e4338430a439f933

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe

Filesize
468KB

MD5
d6f598e7c5426424eb59d344875eb685

SHA1
46b3afb8e2bcd36c4505fc84606c94632d726634

SHA256
e49286cf422f9a6f77da605dfb280c116c870b0faf6b0d3f2f6de0c6f9d8248f

SHA512
7930a0ec7cfcbaa45437b2676e7a9726d6c3432073ea122c8de8c5cfc3f36a22f12f3a966407679e4dd829648b3b80690be87e614399ca13da83a64f111a3722

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54837.exe

Filesize
468KB

MD5
8c2c53cd3105ee9c16b33de8c7ad1be9

SHA1
abdd8f9d7b81d031a8ce492a8d5b4ca1e36060c5

SHA256
61da615afa9756b43d2574577edd7041f4654478d2ed00efabf7a6ad35cc9cf8

SHA512
336903863b7778bb8173837ae5a94697b8dd4527befa97cd66a419742a90e6b2d8c5f316b5ee46b4886b92d6f80ef9390744e78d1ad4d9bbf03d340eb0efed06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe

Filesize
468KB

MD5
389fc17990ab0c0298c024c79b683b27

SHA1
a383fabab114a8c052042f00eafab89ea19e900a

SHA256
3581839735b86c81fe54b4241413caeab16fcc7fe00afbf31b7e6ee0220081bf

SHA512
b2442b14ce498b460b26c16f9969e332bf5941c6ede695e1fc96e293b6b35d3ab231e2698becf60b4fe494443eed1f98c4c5c61f2a007e750dd5919c5512f8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe

Filesize
468KB

MD5
e5832ee179186bd72dbae00db4d15c58

SHA1
3363dd5cb04113b6f4534803ce0871775cbcbd3d

SHA256
8c9808544aa30ae90abcbd3f6782834322a4233b24abf92e06788f334bd55a86

SHA512
2ef0e6c2a56380d3d99a6ab8ac2974fb8ce8e82157e221c196d4327893ca64786eb4096d15d5a5122bd758719b1bc0abacfbc8bb5a30d2f89b59b8ec5269fe5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe

Filesize
468KB

MD5
127742640db221d233c66c53b1afc571

SHA1
c95d08ed73cdc55983f89bc232838940300f1824

SHA256
3cd921b695d30187c51f5d84c812d252c29a759e84e80a7cbbc58cc00a850878

SHA512
88483bde7022848251adb24812e9236dd87f90192c62745715d4d4ad4aa077600c84cadc8c8fa8e4026415158dc0b8788ea0eaad8856c915f40ba23178757a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe

Filesize
468KB

MD5
d104b696c0a5574e15a28bda63f7f95f

SHA1
5b243251c5e8903f9446c925f1cfb7e64dce6dc3

SHA256
8882ec529aa3940c63cd618492210767d0665741dbe5969a8c21a320901eca02

SHA512
d2018790eb9dc9a639f5876b2f8157dd9e50dfa05640d1f19bccd27c9c910b0a7e7b0c9ccf65b5d2bd2f00f1591e7319ddcfe8a81bfcd51a74cffc8eb1e6261e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe

Filesize
468KB

MD5
fa1fd1e70ea06d1755ae045f92b2f62a

SHA1
70c21cf3fe589cc7151a29cdde2f7a3fd1562c75

SHA256
7392081af4f1f2ac7926e9283501a7b8fa9dbc6c7abad70373f1b69ec8f54b58

SHA512
514313ac8a0d8dfc430a91d5f7fbe0d5750c6874f8289eea86e212a5ce3690726c23257d4515b8dc4a7f666ba5dbe87aeb2697b8424305a452ed4e7d23e04f76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe

Filesize
468KB

MD5
c68d62416ef8a5b0c0f35066dde127bd

SHA1
2352dd9ff472d9540efb0e6682ffdab46055283e

SHA256
142efb5ae424c58a0c9d9f822f4625ab615f04a6d1dd120047ed857e5b8452e6

SHA512
78e09bae8e780ba13c19e5e519e003d2fee720074c3a9d7e0d5117d5751625fb108d1dfccb35e9a11b47309c1e1ba92eb38679f4dd043ff9848e3fc971061420

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe

Filesize
468KB

MD5
bf50fca247b94cd55a28a5a0334563e8

SHA1
d130781da2a0eac7795e168dc2578036405c7897

SHA256
ed815ee34888288f6b11015d9c55dae0e26d8760f126e3b8c8416ea6aa7c4146

SHA512
9a9f4aa70729cf642292b86c7e89433c4e40e4d5fb4a193e2ebbd86ba13f4733bad90e1be3bc9f52b02a615b2eefbcdaf433028498afdede882ca686db611d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe

Filesize
468KB

MD5
b65c70e0509740d4483c0a88c388826f

SHA1
275a8370bd5b89db67952859a9c32070dfb375e2

SHA256
928dcbc5b64c3deb5f08be3c0c16f042fbdec83a85fde61570bd5a23d161ae02

SHA512
4bb6f169a88c9baf252a45502f7ecf8a117822763df1fe309da2aba3c19bec7e0cfe267b238d5295dcb6ebdcf576b6b825167d8572939b49820aaa0623a83d43

Download Submit