43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e

Analysis

max time kernel
155s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
Size

184KB
MD5

c6aa6c716ed698205012c48bcc4c150f
SHA1

6f6d2357bc32cd7e71f05077aed9d9466988ee84
SHA256

43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e
SHA512

97d9aedbe00faacf1d6ec895c1d68aa7d909d50b1f0bd7347022f4319105f62624f85b81e676ec3c7c3b42f52befbea5bb26df7cb5166b3da767eb3cbdaecf97
SSDEEP

3072:DJAHfgo67iOTj+aWeDbL+msAhlnViFDnY:DJToIH+ahLZsAhlnViFD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 48 IoCs

Processes:

Unicorn-65348.exeUnicorn-40434.exeUnicorn-59271.exeUnicorn-41912.exeUnicorn-18800.exeUnicorn-64492.exeUnicorn-59422.exeUnicorn-57284.exeUnicorn-24974.exeUnicorn-48706.exeUnicorn-11757.exeUnicorn-57429.exeUnicorn-60958.exeUnicorn-45177.exeUnicorn-19132.exeUnicorn-52359.exeUnicorn-27684.exeUnicorn-27684.exeUnicorn-5680.exeUnicorn-37798.exeUnicorn-33714.exeUnicorn-54689.exeUnicorn-41798.exeUnicorn-35022.exeUnicorn-32344.exeUnicorn-63994.exeUnicorn-37352.exeUnicorn-35960.exeUnicorn-50180.exeUnicorn-64378.exeUnicorn-56210.exeUnicorn-9147.exeUnicorn-38290.exeUnicorn-19816.exeUnicorn-63200.exeUnicorn-30336.exeUnicorn-37112.exeUnicorn-34420.exeUnicorn-41196.exeUnicorn-16522.exeUnicorn-61446.exeUnicorn-41580.exeUnicorn-55971.exeUnicorn-63392.exeUnicorn-27020.exeUnicorn-21928.exeUnicorn-60652.exeUnicorn-36702.exe

pid	process
1672	Unicorn-65348.exe
2472	Unicorn-40434.exe
2688	Unicorn-59271.exe
2632	Unicorn-41912.exe
2444	Unicorn-18800.exe
516	Unicorn-64492.exe
4732	Unicorn-59422.exe
2832	Unicorn-57284.exe
2008	Unicorn-24974.exe
232	Unicorn-48706.exe
4404	Unicorn-11757.exe
4396	Unicorn-57429.exe
4300	Unicorn-60958.exe
4708	Unicorn-45177.exe
2176	Unicorn-19132.exe
1996	Unicorn-52359.exe
1572	Unicorn-27684.exe
3544	Unicorn-27684.exe
4356	Unicorn-5680.exe
1168	Unicorn-37798.exe
1692	Unicorn-33714.exe
3416	Unicorn-54689.exe
2260	Unicorn-41798.exe
2440	Unicorn-35022.exe
4944	Unicorn-32344.exe
3932	Unicorn-63994.exe
2628	Unicorn-37352.exe
3200	Unicorn-35960.exe
2280	Unicorn-50180.exe
2912	Unicorn-64378.exe
1300	Unicorn-56210.exe
5072	Unicorn-9147.exe
2724	Unicorn-38290.exe
2404	Unicorn-19816.exe
4732	Unicorn-63200.exe
3160	Unicorn-30336.exe
4784	Unicorn-37112.exe
3608	Unicorn-34420.exe
4836	Unicorn-41196.exe
3864	Unicorn-16522.exe
4372	Unicorn-61446.exe
3056	Unicorn-41580.exe
1012	Unicorn-55971.exe
1764	Unicorn-63392.exe
1076	Unicorn-27020.exe
2980	Unicorn-21928.exe
4984	Unicorn-60652.exe
1144	Unicorn-36702.exe

Program crash 58 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2860	4296	WerFault.exe	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
4440	516	WerFault.exe	Unicorn-64492.exe
2552	1672	WerFault.exe	Unicorn-65348.exe
4620	516	WerFault.exe	Unicorn-64492.exe
4656	2472	WerFault.exe	Unicorn-40434.exe
2192	2688	WerFault.exe	Unicorn-59271.exe
3772	2632	WerFault.exe	Unicorn-41912.exe
2252	2444	WerFault.exe	Unicorn-18800.exe
2188	4732	WerFault.exe	Unicorn-59422.exe
3080	2832	WerFault.exe	Unicorn-57284.exe
2472	2008	WerFault.exe	Unicorn-24974.exe
456	4396	WerFault.exe	Unicorn-57429.exe
4612	232	WerFault.exe	Unicorn-48706.exe
2008	4708	WerFault.exe	Unicorn-45177.exe
4876	4300	WerFault.exe	Unicorn-60958.exe
3400	1996	WerFault.exe	Unicorn-52359.exe
5680	3544	WerFault.exe	Unicorn-27684.exe
5672	1572	WerFault.exe	Unicorn-27684.exe
5752	2628	WerFault.exe	Unicorn-37352.exe
5484	3160	WerFault.exe	Unicorn-30336.exe
5688	5284	WerFault.exe	Unicorn-39032.exe
2656	1144	WerFault.exe	Unicorn-36702.exe
4104	1076	WerFault.exe	Unicorn-27020.exe
2052	5356	WerFault.exe	Unicorn-4051.exe
380	5428	WerFault.exe	Unicorn-56096.exe
5988	5936	WerFault.exe	Unicorn-27290.exe
5884	3500	WerFault.exe	Unicorn-43460.exe
5640	5480	WerFault.exe	Unicorn-57990.exe
5128	5836	WerFault.exe	Unicorn-62650.exe
2688	4364	WerFault.exe	Unicorn-24776.exe
5244	1340	WerFault.exe	Unicorn-12715.exe
3212	5172	WerFault.exe	Unicorn-58566.exe
2484	4516	WerFault.exe	Unicorn-37002.exe
1680	5312	WerFault.exe	Unicorn-43032.exe
5684	5948	WerFault.exe	Unicorn-48870.exe
3132	4964	WerFault.exe	Unicorn-56820.exe
5168	6112	WerFault.exe	Unicorn-2850.exe
4832	640	WerFault.exe	Unicorn-3343.exe
2544	3648	WerFault.exe	Unicorn-515.exe
4088	1644	WerFault.exe	Unicorn-8709.exe
2224	3504	WerFault.exe	Unicorn-52352.exe
1692	752	WerFault.exe	Unicorn-50764.exe
5768	4440	WerFault.exe	Unicorn-48735.exe
6000	4620	WerFault.exe	Unicorn-18008.exe
5328	5400	WerFault.exe	Unicorn-58268.exe
5232	5724	WerFault.exe	Unicorn-15700.exe
1968	2872	WerFault.exe	Unicorn-48735.exe
5044	5992	WerFault.exe	Unicorn-51662.exe
380	6020	WerFault.exe	Unicorn-21486.exe
736	2256	WerFault.exe	Unicorn-58050.exe
4516	5348	WerFault.exe	Unicorn-62430.exe
3000	5180	WerFault.exe	Unicorn-4179.exe
5312	5528	WerFault.exe	Unicorn-18404.exe
2432	5632	WerFault.exe	Unicorn-41538.exe
5700	4616	WerFault.exe	Unicorn-31294.exe
3536	5132	WerFault.exe	Unicorn-57583.exe
2596	5984	WerFault.exe	Unicorn-57376.exe
5316	5064	WerFault.exe	Unicorn-47262.exe

Suspicious use of SetWindowsHookEx 44 IoCs

Processes:

43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exeUnicorn-65348.exeUnicorn-40434.exeUnicorn-59271.exeUnicorn-41912.exeUnicorn-18800.exeUnicorn-64492.exeUnicorn-59422.exeUnicorn-57284.exeUnicorn-24974.exeUnicorn-48706.exeUnicorn-57429.exeUnicorn-11757.exeUnicorn-45177.exeUnicorn-60958.exeUnicorn-19132.exeUnicorn-52359.exeUnicorn-27684.exeUnicorn-27684.exeUnicorn-5680.exeUnicorn-37798.exeUnicorn-54689.exeUnicorn-33714.exeUnicorn-41798.exeUnicorn-35022.exeUnicorn-32344.exeUnicorn-63994.exeUnicorn-37352.exeUnicorn-35960.exeUnicorn-50180.exeUnicorn-64378.exeUnicorn-9147.exeUnicorn-56210.exeUnicorn-19816.exeUnicorn-38290.exeUnicorn-63200.exeUnicorn-30336.exeUnicorn-37112.exeUnicorn-34420.exeUnicorn-16522.exeUnicorn-41196.exeUnicorn-61446.exeUnicorn-41580.exeUnicorn-55971.exe

pid	process
4296	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
1672	Unicorn-65348.exe
2472	Unicorn-40434.exe
2688	Unicorn-59271.exe
2632	Unicorn-41912.exe
2444	Unicorn-18800.exe
516	Unicorn-64492.exe
4732	Unicorn-59422.exe
2832	Unicorn-57284.exe
2008	Unicorn-24974.exe
232	Unicorn-48706.exe
4396	Unicorn-57429.exe
4404	Unicorn-11757.exe
4708	Unicorn-45177.exe
4300	Unicorn-60958.exe
2176	Unicorn-19132.exe
1996	Unicorn-52359.exe
3544	Unicorn-27684.exe
1572	Unicorn-27684.exe
4356	Unicorn-5680.exe
1168	Unicorn-37798.exe
3416	Unicorn-54689.exe
1692	Unicorn-33714.exe
2260	Unicorn-41798.exe
2440	Unicorn-35022.exe
4944	Unicorn-32344.exe
3932	Unicorn-63994.exe
2628	Unicorn-37352.exe
3200	Unicorn-35960.exe
2280	Unicorn-50180.exe
2912	Unicorn-64378.exe
5072	Unicorn-9147.exe
1300	Unicorn-56210.exe
2404	Unicorn-19816.exe
2724	Unicorn-38290.exe
4732	Unicorn-63200.exe
3160	Unicorn-30336.exe
4784	Unicorn-37112.exe
3608	Unicorn-34420.exe
3864	Unicorn-16522.exe
4836	Unicorn-41196.exe
4372	Unicorn-61446.exe
3056	Unicorn-41580.exe
1012	Unicorn-55971.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 4296 wrote to memory of 1672	4296	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-65348.exe
PID 4296 wrote to memory of 1672	4296	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-65348.exe
PID 4296 wrote to memory of 1672	4296	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-65348.exe
PID 1672 wrote to memory of 2472	1672	Unicorn-65348.exe	Unicorn-40434.exe
PID 1672 wrote to memory of 2472	1672	Unicorn-65348.exe	Unicorn-40434.exe
PID 1672 wrote to memory of 2472	1672	Unicorn-65348.exe	Unicorn-40434.exe
PID 4296 wrote to memory of 2688	4296	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-59271.exe
PID 4296 wrote to memory of 2688	4296	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-59271.exe
PID 4296 wrote to memory of 2688	4296	43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe	Unicorn-59271.exe
PID 1672 wrote to memory of 2632	1672	Unicorn-65348.exe	Unicorn-41912.exe
PID 1672 wrote to memory of 2632	1672	Unicorn-65348.exe	Unicorn-41912.exe
PID 1672 wrote to memory of 2632	1672	Unicorn-65348.exe	Unicorn-41912.exe
PID 2472 wrote to memory of 2444	2472	Unicorn-40434.exe	Unicorn-18800.exe
PID 2472 wrote to memory of 2444	2472	Unicorn-40434.exe	Unicorn-18800.exe
PID 2472 wrote to memory of 2444	2472	Unicorn-40434.exe	Unicorn-18800.exe
PID 2688 wrote to memory of 516	2688	Unicorn-59271.exe	Unicorn-64492.exe
PID 2688 wrote to memory of 516	2688	Unicorn-59271.exe	Unicorn-64492.exe
PID 2688 wrote to memory of 516	2688	Unicorn-59271.exe	Unicorn-64492.exe
PID 2632 wrote to memory of 4732	2632	Unicorn-41912.exe	Unicorn-59422.exe
PID 2632 wrote to memory of 4732	2632	Unicorn-41912.exe	Unicorn-59422.exe
PID 2632 wrote to memory of 4732	2632	Unicorn-41912.exe	Unicorn-59422.exe
PID 2444 wrote to memory of 2832	2444	Unicorn-18800.exe	Unicorn-57284.exe
PID 2444 wrote to memory of 2832	2444	Unicorn-18800.exe	Unicorn-57284.exe
PID 2444 wrote to memory of 2832	2444	Unicorn-18800.exe	Unicorn-57284.exe
PID 2472 wrote to memory of 2008	2472	Unicorn-40434.exe	Unicorn-24974.exe
PID 2472 wrote to memory of 2008	2472	Unicorn-40434.exe	Unicorn-24974.exe
PID 2472 wrote to memory of 2008	2472	Unicorn-40434.exe	Unicorn-24974.exe
PID 4732 wrote to memory of 232	4732	Unicorn-59422.exe	Unicorn-48706.exe
PID 4732 wrote to memory of 232	4732	Unicorn-59422.exe	Unicorn-48706.exe
PID 4732 wrote to memory of 232	4732	Unicorn-59422.exe	Unicorn-48706.exe
PID 2832 wrote to memory of 4404	2832	Unicorn-57284.exe	Unicorn-11757.exe
PID 2832 wrote to memory of 4404	2832	Unicorn-57284.exe	Unicorn-11757.exe
PID 2832 wrote to memory of 4404	2832	Unicorn-57284.exe	Unicorn-11757.exe
PID 2632 wrote to memory of 4396	2632	Unicorn-41912.exe	Unicorn-57429.exe
PID 2632 wrote to memory of 4396	2632	Unicorn-41912.exe	Unicorn-57429.exe
PID 2632 wrote to memory of 4396	2632	Unicorn-41912.exe	Unicorn-57429.exe
PID 2008 wrote to memory of 4300	2008	Unicorn-24974.exe	Unicorn-60958.exe
PID 2008 wrote to memory of 4300	2008	Unicorn-24974.exe	Unicorn-60958.exe
PID 2008 wrote to memory of 4300	2008	Unicorn-24974.exe	Unicorn-60958.exe
PID 2444 wrote to memory of 4708	2444	Unicorn-18800.exe	Unicorn-45177.exe
PID 2444 wrote to memory of 4708	2444	Unicorn-18800.exe	Unicorn-45177.exe
PID 2444 wrote to memory of 4708	2444	Unicorn-18800.exe	Unicorn-45177.exe
PID 232 wrote to memory of 2176	232	Unicorn-48706.exe	Unicorn-19132.exe
PID 232 wrote to memory of 2176	232	Unicorn-48706.exe	Unicorn-19132.exe
PID 232 wrote to memory of 2176	232	Unicorn-48706.exe	Unicorn-19132.exe
PID 4732 wrote to memory of 1996	4732	Unicorn-59422.exe	Unicorn-52359.exe
PID 4732 wrote to memory of 1996	4732	Unicorn-59422.exe	Unicorn-52359.exe
PID 4732 wrote to memory of 1996	4732	Unicorn-59422.exe	Unicorn-52359.exe
PID 4396 wrote to memory of 3544	4396	Unicorn-57429.exe	Unicorn-27684.exe
PID 4708 wrote to memory of 1572	4708	Unicorn-45177.exe	Unicorn-27684.exe
PID 4396 wrote to memory of 3544	4396	Unicorn-57429.exe	Unicorn-27684.exe
PID 4708 wrote to memory of 1572	4708	Unicorn-45177.exe	Unicorn-27684.exe
PID 4396 wrote to memory of 3544	4396	Unicorn-57429.exe	Unicorn-27684.exe
PID 4708 wrote to memory of 1572	4708	Unicorn-45177.exe	Unicorn-27684.exe
PID 2832 wrote to memory of 4356	2832	Unicorn-57284.exe	Unicorn-5680.exe
PID 2832 wrote to memory of 4356	2832	Unicorn-57284.exe	Unicorn-5680.exe
PID 2832 wrote to memory of 4356	2832	Unicorn-57284.exe	Unicorn-5680.exe
PID 4404 wrote to memory of 1168	4404	Unicorn-11757.exe	Unicorn-37798.exe
PID 4404 wrote to memory of 1168	4404	Unicorn-11757.exe	Unicorn-37798.exe
PID 4404 wrote to memory of 1168	4404	Unicorn-11757.exe	Unicorn-37798.exe
PID 4300 wrote to memory of 1692	4300	Unicorn-60958.exe	Unicorn-33714.exe
PID 4300 wrote to memory of 1692	4300	Unicorn-60958.exe	Unicorn-33714.exe
PID 4300 wrote to memory of 1692	4300	Unicorn-60958.exe	Unicorn-33714.exe
PID 2008 wrote to memory of 3416	2008	Unicorn-24974.exe	Unicorn-54689.exe

C:\Users\Admin\AppData\Local\Temp\43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe
"C:\Users\Admin\AppData\Local\Temp\43ed1152b586991f1c54248b8d25f9f5283bdccb88e0966f40f2b3127aa1b94e.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
        9⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
        10⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58400.exe
        11⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        12⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        9⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
        10⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        8⤵
        Executes dropped EXE
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        11⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        12⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
        13⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        14⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64900.exe
        15⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
        16⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        17⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        18⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
        19⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        20⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        21⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        22⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        23⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32410.exe
        24⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32964.exe
        23⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 712
        14⤵
        Program crash
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        13⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        14⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
        15⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        16⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
        17⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        18⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 712
        13⤵
        Program crash
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 744
        12⤵
        Program crash
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 728
        11⤵
        Program crash
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 636
        9⤵
        Program crash
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        7⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        9⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 636
        9⤵
        Program crash
        
        PID:5884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 724
        6⤵
        Program crash
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13475.exe
        11⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12715.exe
        12⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        13⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        14⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
        15⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        16⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        17⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        18⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        19⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21092.exe
        20⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        21⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        22⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        23⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        20⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        21⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 664
        16⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        14⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        15⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
        16⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        17⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 716
        15⤵
        Program crash
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 636
        14⤵
        Program crash
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 660
        13⤵
        Program crash
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 724
        8⤵
        Program crash
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52012.exe
        9⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        11⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        12⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        13⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        14⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        15⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        16⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5471.exe
        17⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        18⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
        19⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        20⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        21⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        22⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe
        23⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47916.exe
        24⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 752
        20⤵
        Program crash
        
        PID:3000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 640
        17⤵
        Program crash
        
        PID:736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 636
        16⤵
        Program crash
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe
        13⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        14⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
        15⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        16⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 712
        14⤵
        Program crash
        
        PID:1968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 716
        7⤵
        Program crash
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35960.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        7⤵
        Executes dropped EXE
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        10⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
        11⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        12⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        13⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49358.exe
        14⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        15⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        16⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        17⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53852.exe
        18⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 724
        17⤵
        Program crash
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        13⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 636
        14⤵
        Program crash
        
        PID:5168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 636
        6⤵
        Program crash
        
        PID:2008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 744
        5⤵
        Program crash
        
        PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        11⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58574.exe
        12⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
        13⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        14⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        13⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        7⤵
        Executes dropped EXE
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        8⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        9⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        10⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        9⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        11⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        12⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        13⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        14⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        15⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        16⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        17⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
        18⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        19⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
        20⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        21⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        22⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        18⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe
        19⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        12⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
        13⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        14⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        15⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        16⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
        17⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
        18⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        19⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        20⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        21⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        22⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        18⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
        19⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 744
        19⤵
        Program crash
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 664
        11⤵
        Program crash
        
        PID:3212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 712
        6⤵
        Program crash
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exe
        9⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        10⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38154.exe
        11⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        12⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        13⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        12⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        13⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        14⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        15⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        16⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        17⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        18⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe
        19⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
        17⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        18⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 636
        11⤵
        Program crash
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        11⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
        12⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34942.exe
        13⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
        14⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        15⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
        16⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        17⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 712
        13⤵
        Program crash
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        11⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        12⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        13⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        14⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        15⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7469.exe
        16⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        17⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        18⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        16⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        17⤵
        
        PID:4996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 720
        5⤵
        Program crash
        
        PID:2472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 488
      4⤵
      Program crash
      PID:4656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        10⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        11⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        12⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
        13⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        8⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 720
        9⤵
        Program crash
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        8⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        12⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        13⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        14⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        15⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        16⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        17⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        18⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        19⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
        20⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
        21⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        22⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        19⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        20⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        21⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
        22⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        22⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 692
        19⤵
        Program crash
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe
        13⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        14⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        15⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        16⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
        17⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        18⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        19⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        20⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        21⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        22⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1237.exe
        23⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        18⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        19⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 624
        17⤵
        Program crash
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 636
        14⤵
        Program crash
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 716
        13⤵
        Program crash
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 724
        11⤵
        Program crash
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
        9⤵
        
        PID:4444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 232 -s 736
        6⤵
        Program crash
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        8⤵
        Executes dropped EXE
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        10⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        11⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37002.exe
        12⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
        13⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        14⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34942.exe
        15⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        16⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        17⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        18⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        19⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        20⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        21⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        22⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37672.exe
        23⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        24⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 636
        22⤵
        Program crash
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58569.exe
        19⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        20⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        21⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        22⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
        23⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 608
        18⤵
        Program crash
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 656
        13⤵
        Program crash
        
        PID:2484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 724
        8⤵
        Program crash
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
        7⤵
        Executes dropped EXE
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        11⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
        12⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        13⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15700.exe
        14⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
        15⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43982.exe
        16⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        17⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 632
        15⤵
        Program crash
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
        13⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
        14⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        15⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        16⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        17⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
        18⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        19⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe
        20⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34256.exe
        18⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 640
        8⤵
        Program crash
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
        11⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        8⤵
        
        PID:3400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 720
        6⤵
        Program crash
        
        PID:3400
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 736
        5⤵
        Program crash
        
        PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58898.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43024.exe
        10⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        10⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        11⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        12⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        13⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
        14⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 632
        15⤵
        Program crash
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        12⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        10⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        11⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        12⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        13⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21730.exe
        14⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        15⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        16⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        17⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
        18⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
        13⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        14⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        15⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        16⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55518.exe
        17⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
        18⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
        19⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
        20⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        21⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 700
        20⤵
        Program crash
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        17⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        18⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        19⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 740
        17⤵
        Program crash
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 656
        12⤵
        Program crash
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        11⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        12⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        13⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        14⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 724
        14⤵
        Program crash
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 652
        9⤵
        Program crash
        
        PID:380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 636
        8⤵
        Program crash
        
        PID:2052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 736
        6⤵
        Program crash
        
        PID:5680
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 648
        5⤵
        Program crash
        
        PID:456
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 728
      4⤵
      Program crash
      PID:3772
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 744
    3⤵
    - Program crash
    PID:2552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 516 -s 468
      4⤵
      Program crash
      PID:4440
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 516 -s 420
      4⤵
      Program crash
      PID:4620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 728
    3⤵
    - Program crash
    PID:2192
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 708
  2⤵
  - Program crash
  PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4296 -ip 4296
1⤵
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 516 -ip 516
1⤵
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1672 -ip 1672
1⤵
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 516 -ip 516
1⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2472 -ip 2472
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2688 -ip 2688
1⤵
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2632 -ip 2632
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2444 -ip 2444
1⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4732 -ip 4732
1⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2832 -ip 2832
1⤵
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2008 -ip 2008
1⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4396 -ip 4396
1⤵
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 232 -ip 232
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4708 -ip 4708
1⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4300 -ip 4300
1⤵
PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4404 -ip 4404
1⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4100 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2176 -ip 2176
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1996 -ip 1996
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1168 -ip 1168
1⤵
PID:628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1572 -ip 1572
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3544 -ip 3544
1⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2628 -ip 2628
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3200 -ip 3200
1⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4836 -ip 4836
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3608 -ip 3608
1⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3160 -ip 3160
1⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5072 -ip 5072
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2280 -ip 2280
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2984 -ip 2984
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4356 -ip 4356
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4944 -ip 4944
1⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2404 -ip 2404
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4372 -ip 4372
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2724 -ip 2724
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4732 -ip 4732
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4784 -ip 4784
1⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1012 -ip 1012
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3864 -ip 3864
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1692 -ip 1692
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2912 -ip 2912
1⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3416 -ip 3416
1⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2440 -ip 2440
1⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3056 -ip 3056
1⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1300 -ip 1300
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3932 -ip 3932
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2260 -ip 2260
1⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5284 -ip 5284
1⤵
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1764 -ip 1764
1⤵
PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4984 -ip 4984
1⤵
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4840 -ip 4840
1⤵
PID:232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1076 -ip 1076
1⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 1144 -ip 1144
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5336 -ip 5336
1⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5144 -ip 5144
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1588 -ip 1588
1⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4620 -ip 4620
1⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5704 -ip 5704
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5268 -ip 5268
1⤵
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4032 -ip 4032
1⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5692 -ip 5692
1⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5220 -ip 5220
1⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5160 -ip 5160
1⤵
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4632 -ip 4632
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4556 -ip 4556
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3400 -ip 3400
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3384 -ip 3384
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5356 -ip 5356
1⤵
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 516 -ip 516
1⤵
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5848 -ip 5848
1⤵
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4964 -ip 4964
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2980 -ip 2980
1⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5260 -ip 5260
1⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5924 -ip 5924
1⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5996 -ip 5996
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5984 -ip 5984
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5856 -ip 5856
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5904 -ip 5904
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5968 -ip 5968
1⤵
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4456 -ip 4456
1⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5428 -ip 5428
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5560 -ip 5560
1⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4720 -ip 4720
1⤵
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5640 -ip 5640
1⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 940 -ip 940
1⤵
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3292 -ip 3292
1⤵
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6060 -ip 6060
1⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5280 -ip 5280
1⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4444 -ip 4444
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6036 -ip 6036
1⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5756 -ip 5756
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6068 -ip 6068
1⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3716 -ip 3716
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3500 -ip 3500
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5316 -ip 5316
1⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6016 -ip 6016
1⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5936 -ip 5936
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5940 -ip 5940
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5344 -ip 5344
1⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2984 -ip 2984
1⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5684 -ip 5684
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5252 -ip 5252
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5832 -ip 5832
1⤵
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5880 -ip 5880
1⤵
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 3776 -ip 3776
1⤵
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4396 -ip 4396
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5960 -ip 5960
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5492 -ip 5492
1⤵
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5572 -ip 5572
1⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5480 -ip 5480
1⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5156 -ip 5156
1⤵
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 468 -ip 468
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6028 -ip 6028
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5776 -ip 5776
1⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1476 -ip 1476
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4836 -ip 4836
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5636 -ip 5636
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2248 -ip 2248
1⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5808 -ip 5808
1⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3612 -ip 3612
1⤵
PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5836 -ip 5836
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1852 -ip 1852
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4356 -ip 4356
1⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6020 -ip 6020
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5172 -ip 5172
1⤵
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2912 -ip 2912
1⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4364 -ip 4364
1⤵
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1340 -ip 1340
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5408 -ip 5408
1⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1420 -ip 1420
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2008 -ip 2008
1⤵
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2904 -ip 2904
1⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5852 -ip 5852
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4516 -ip 4516
1⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5312 -ip 5312
1⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5948 -ip 5948
1⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4964 -ip 4964
1⤵
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5104 -ip 5104
1⤵
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6112 -ip 6112
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5464 -ip 5464
1⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3668 -ip 3668
1⤵
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6064 -ip 6064
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5796 -ip 5796
1⤵
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6012 -ip 6012
1⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4524 -ip 4524
1⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1516 -ip 1516
1⤵
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3912 -ip 3912
1⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5252 -ip 5252
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2260 -ip 2260
1⤵
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2380 -ip 2380
1⤵
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5428 -ip 5428
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5276 -ip 5276
1⤵
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5372 -ip 5372
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1572 -ip 1572
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5524 -ip 5524
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5536 -ip 5536
1⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5420 -ip 5420
1⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5940 -ip 5940
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4656 -ip 4656
1⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3504 -ip 3504
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5820 -ip 5820
1⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5880 -ip 5880
1⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6032 -ip 6032
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 640 -ip 640
1⤵
PID:1680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4456 -ip 4456
1⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5184 -ip 5184
1⤵
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5788 -ip 5788
1⤵
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 3648 -ip 3648
1⤵
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4728 -ip 4728
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 716 -ip 716
1⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4444 -ip 4444
1⤵
PID:3004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4704 -ip 4704
1⤵
PID:516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2832 -ip 2832
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1644 -ip 1644
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 752 -ip 752
1⤵
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3608 -ip 3608
1⤵
PID:1300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4392 -ip 4392
1⤵
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5728 -ip 5728
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2436 -ip 2436
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 1720 -ip 1720
1⤵
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5844 -ip 5844
1⤵
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5376 -ip 5376
1⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5368 -ip 5368
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5936 -ip 5936
1⤵
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5888 -ip 5888
1⤵
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4440 -ip 4440
1⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2872 -ip 2872
1⤵
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5400 -ip 5400
1⤵
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4620 -ip 4620
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5724 -ip 5724
1⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3776 -ip 3776
1⤵
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5452 -ip 5452
1⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 1420 -ip 1420
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5992 -ip 5992
1⤵
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4876 -ip 4876
1⤵
PID:2440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 536 -ip 536
1⤵
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 452 -ip 452
1⤵
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 552 -ip 552
1⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5864 -ip 5864
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1852 -ip 1852
1⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3272 -ip 3272
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 832 -ip 832
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1360 -ip 1360
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5712 -ip 5712
1⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5912 -ip 5912
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3620 -ip 3620
1⤵
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5188 -ip 5188
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 980 -ip 980
1⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4296 -ip 4296
1⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5008 -ip 5008
1⤵
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5492 -ip 5492
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4356 -ip 4356
1⤵
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6020 -ip 6020
1⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5204 -ip 5204
1⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5292 -ip 5292
1⤵
PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2256 -ip 2256
1⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4548 -ip 4548
1⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5700 -ip 5700
1⤵
PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5956 -ip 5956
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5624 -ip 5624
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5628 -ip 5628
1⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 3484 -ip 3484
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5524 -ip 5524
1⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5684 -ip 5684
1⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5876 -ip 5876
1⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3668 -ip 3668
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 4784 -ip 4784
1⤵
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2332 -ip 2332
1⤵
PID:840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5832 -ip 5832
1⤵
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5728 -ip 5728
1⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 1996 -ip 1996
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4372 -ip 4372
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 1300 -ip 1300
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2660 -ip 2660
1⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5784 -ip 5784
1⤵
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5940 -ip 5940
1⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 3212 -ip 3212
1⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5496 -ip 5496
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5952 -ip 5952
1⤵
PID:840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5348 -ip 5348
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5444 -ip 5444
1⤵
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 2916 -ip 2916
1⤵
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 1720 -ip 1720
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4564 -ip 4564
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3960 -ip 3960
1⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4728 -ip 4728
1⤵
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2860 -ip 2860
1⤵
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6012 -ip 6012
1⤵
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5296 -ip 5296
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4616 -ip 4616
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 1420 -ip 1420
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4736 -ip 4736
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 2820 -ip 2820
1⤵
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 1476 -ip 1476
1⤵
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5632 -ip 5632
1⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5528 -ip 5528
1⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5616 -ip 5616
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5180 -ip 5180
1⤵
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3660 -ip 3660
1⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5560 -ip 5560
1⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6040 -ip 6040
1⤵
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 3368 -ip 3368
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5780 -ip 5780
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3832 -ip 3832
1⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 2052 -ip 2052
1⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2764 -ip 2764
1⤵
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5832 -ip 5832
1⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5856 -ip 5856
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6096 -ip 6096
1⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 832 -ip 832
1⤵
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5464 -ip 5464
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4272 -ip 4272
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5608 -ip 5608
1⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3532 -ip 3532
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5248 -ip 5248
1⤵
PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5612 -ip 5612
1⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2188 -ip 2188
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5752 -ip 5752
1⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3620 -ip 3620
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5712 -ip 5712
1⤵
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2484 -ip 2484
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 752 -ip 752
1⤵
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4988 -ip 4988
1⤵
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2496 -ip 2496
1⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 1968 -ip 1968
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2248 -ip 2248
1⤵
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6048 -ip 6048
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5672 -ip 5672
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5788 -ip 5788
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4644 -ip 4644
1⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5360 -ip 5360
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5132 -ip 5132
1⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5868 -ip 5868
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4580 -ip 4580
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5144 -ip 5144
1⤵
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5064 -ip 5064
1⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4356 -ip 4356
1⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-27112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27112.exe
1⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
1⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4496 -ip 4496
1⤵
PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5652 -ip 5652
1⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 3132 -ip 3132
1⤵
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5572 -ip 5572
1⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1076 -ip 1076
1⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 3036 -ip 3036
1⤵
PID:5192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe

Filesize
184KB

MD5
35b044fe82294d7947eccbd5e9f037cb

SHA1
9027e15312a9f45820bed1f52ce4070ab3ea3bab

SHA256
294889d0c973c9ca952c3ac0aca4af0f8f847e99abc00ea1c891713d1337e513

SHA512
efb60ec7e745fb90f22ee6513884815df61d1f9edc65115d72e7b610af5f0723efeef1bd6e18b3b93aee8ec8d2c06b26864c0bd0ad0f6ceb1b0498a36f6e93c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe

Filesize
184KB

MD5
8c9dd640882e669103e3eb8dc776552f

SHA1
3691c08a2b8eb8a2040ec5e61f04a25bd0052b0e

SHA256
940a039f3a31f4d5fc2a056762cbda1e6eda0bda80fb9923a8cbb7befe81de34

SHA512
d953974386b8b7c64366fb2b83530d9aecb76a8f6db40978b7c4ce88442d68b6ca75ddd706466df1d637f8ca1e6c2ee8d655c33cc811dc269b671bf0ae86d7ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe

Filesize
184KB

MD5
e8d45767babd07d33ef590fa13e6e01e

SHA1
1ca1af0040cd020ab1656e117c747c67f865862d

SHA256
9513fd6464ba3ebd7fa9533d732f239d16b185fa4f0b56cfe38a5350d70faa2d

SHA512
a50d20afe6a80085423a1b21051f1505b7ad2de4c28dc946b25e5eecbafb75afa4c946a02b374d017e24584614ae954afcdff3aed986a95376a44398b0f89c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe

Filesize
184KB

MD5
92ff2393ef2ece0479ffcb28b39ca62d

SHA1
f2de7341e5c89e1efb6ddf449b9dcfab49ed819b

SHA256
19290122d5810bb67923c5538c00686f231e53e291ed6af4bbbbd01e936ebde4

SHA512
75f0a89f77dec63a3e43f69cfb05067e7551a0632c2063d298e012e3a7f0b5beb26e05d91ab6c996d8225fa5f58952ae1287eca5771163e792d80eba9d3c533a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe

Filesize
184KB

MD5
5147100fe146c208c6a6bb731bb2c42c

SHA1
a25f39364465aa5850e52bc8a67cd1e4659f931a

SHA256
f77da5ec6d5147dadcbd9ba8acccd2bbcc569195507a2ea477917fe856724061

SHA512
35cf52bb89e7b649e0cc9464d3ea065bf7aaeba1d6e87c406758090bfee4b984436f79fcb0eca6b5fe7e454bbb0ddc8f8109b01c6d62eb252d525a4633c324f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe

Filesize
184KB

MD5
db1e7917764f8a2a3f1de17a53da86ba

SHA1
d2d1de5c4f0570114aab1622b4ef7a3fd1947b45

SHA256
446ade31b8c31df975de7b8c20fe5f609b2282261f079ef4305558215ff62f70

SHA512
e6bebabac3258f0ecb140229d516ea974620f1db4546504c096489f84a7172bada9292160f2f44d17a813bb0cbc9b29f13f022307e972ccf8c3937e1ce568d7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe

Filesize
184KB

MD5
8a72a70dc5a19811bfcf5449085b8402

SHA1
bf9fa5b56f1025329bc381e732b16c96adf9bbc0

SHA256
db7f5654cb46cc681e4e6ffa451a4e370c981668b99489dda3026a546ee971f5

SHA512
2da4c9f6690c02ad1f9ad5649a0c3cea7995df6bade689194dea149d74f5fcc2a93a1d3d7e09878984e55f3e31275f180d3fdfaa8c40bcf0001e72f59e86a004

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe

Filesize
184KB

MD5
d7c66b32a4ad087fdda33385b580b01c

SHA1
fd28d5607a1293314b18d079397d02f978d4385b

SHA256
19ab205ea560e48cb61786136877e919f4779cfbcc86f390f2ee3df09f70a4f7

SHA512
54c75438d36a9f9434c3a779b42068ef8aa25039b73d93d0fc802b9df5f8b6d9ef6b8822e8fa39e1b4ecb365532c770c42d124d3c4bafb67f836e3c196cdad26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe

Filesize
184KB

MD5
40abfda0fe7b163d9072ff595e1491ba

SHA1
9444320c0a9eb8a019653da5bb587036fea05eff

SHA256
54b54356d797f8d0d68402a8c9cbc624405926c53751bd0454431a7080b2a938

SHA512
5cced20fa7792855511d4300508909fa212b2a4e190330cd5a87a4e5aef8a025048f37d2c1a3174cecd1468ba50c22cf5c230a9690bac92640fd0c70b865a431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35960.exe

Filesize
184KB

MD5
b1afbfc50ed7d18fb867ca0a6ca481f2

SHA1
55ab3c2085b259a8d434790e4177ddcd680d133f

SHA256
3002b29fd9a5e560b1176167059122b404d47df9613c02bebc938f6eba0cd0be

SHA512
5b9f53f7f437a51e0caf244e5d4a24a6e4daeabbb973e212ed3a938a4caeae3f5af6c3b7d8faac05669a0dbe8624a67bdb6bf9ed2f36d22e3d6b87ba463a81a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe

Filesize
184KB

MD5
6534137ef7eba6869d0c971b49b0e6fa

SHA1
f1ccf6127b25ae425ce067059d5e8e683efdd4f3

SHA256
2f8026e75801a80d4fa6f8a283b8eb53a9951d7ed892887658080a0f844dbeb6

SHA512
2bbc5576a34c7912cb93b35222fd52eb11ff65390fcb990dfae81ce3af0a2460f68449eac982488341ec9a6b24bb8e2b2f38c08e4567658913bb0a5a07c5783a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe

Filesize
184KB

MD5
a2975bbeb75bd8164a329db8f08ab90a

SHA1
4e08e44dc3380d82d8a2436f6261e3a848ecd353

SHA256
73cb7de2ab64d2ff7a3c24468a63f2e9993ed27e51241ca6e220a2e00bc04158

SHA512
19574b212f9936bb173c1bb218a727f6dac2b7ea375c67e00ee55aee321915f2ca6f88a4ff1f0e527fb698669c6c269280b3a0f24ced735475c545236c85db49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe

Filesize
184KB

MD5
3c31d150f08d615f361668c6f3d4dc50

SHA1
7f5ef09876795b08fca1f3363b98ac607c457ece

SHA256
13553e7af0d8cb8dfa6b81e74bbaf78dff55f8d01be1cc4483f4092923e2739a

SHA512
2fed09b32079e08269ca6e9d1849e0bf5b67a0adfbaa53d4523cdf2f5245c7a7c581c38c9931c04db2f36c8fed5a51aafbf55043b90b9ec94067724b80e09fec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe

Filesize
184KB

MD5
7a0e0da3f41e436147b6d5c1bf11aa03

SHA1
10f727a0c2a75c08701df475f5861ee27c3f9be7

SHA256
7c080eea5d4f90e89619a9718d3d4c7275a694473bfbe81b611c59806312f305

SHA512
9994446fe786c33b99504c04e4dd0ddc7798fc354cc61e79c63e19ae4ffbae2d4f9eea3f0f21220cd0a82a0275841eaa76b6f72f286a0a19912378a0c0659577

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe

Filesize
184KB

MD5
82ff5683d6d8ee20fa35f270debd418e

SHA1
1cf417cc1594d9e8cf3c4eadae85b8bbc5791428

SHA256
98a9b2978b051dda5f8050c46338cd79ef23eed0582c84c8906b787a5947c95a

SHA512
8e8a49b60ce1aebe6bbd7c4bfbf5c6c5deffa3ac9bfdeb2296b57f05399aebf92dfc2b7f2b1de8e99810b14df9b94ad67aec3ed4826b06878bd7100515be6d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe

Filesize
184KB

MD5
fcad9e42da931dad9bf2ce9ef29e12d3

SHA1
734b51eed37ff229e04f69265d15efeefe0ad403

SHA256
d5446f06bd08aaf7075d198b96103d0ec01bd4a658e3016afbb307c72fdc8533

SHA512
3c8e76525a16f1073c2397a9b02024aa58e808b2f08865dff3a4ce987dca463ab28f18381c1be98715ca63eb7b5668c77e0d1fe839963eaae54942a7b4e56d66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exe

Filesize
184KB

MD5
a1777a87d333cbdebeb0f70c1afe9cec

SHA1
741662f40ae98bdee2bd0d8aaba3abc1c6e5ca3a

SHA256
0e7131f2bc77d24624fc769ee9ba7fb0e772d3ac675a71097bcb1161fcfa128c

SHA512
8e1d2c37c5bf2995850c758667ba908fa222224f0a5419eab13c51ef421b20fa52d8b39b44833afa5a973c0c16586ccf742fa2223e18ad8106947e3de8f8ec40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe

Filesize
184KB

MD5
6b9eae1d968cee5479d6ddd9712d6873

SHA1
ef04cb2ea0a2ed44b453ae2674419db56caa7dd1

SHA256
0a31a17688b19e2fc0a04c417ef9fd9fcd906be64f122f71edf5b1a9217a7d67

SHA512
a7b4f714fe49f77d0cb749bf20cdb055ae8606fabb1513783efe9d64f7884917d0e3c07bc2bf3722e8a11d05568d3755019ec441c74a1ec38929e1dd0eb098c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe

Filesize
184KB

MD5
43aaf7f9a90c3569122e5dd77af974ff

SHA1
2dcc838cf96d0d50d5da570d2c902f9245396582

SHA256
8e2bff70988233655bb9b4398b952dd841480581af21bab0aa9c219a9915f018

SHA512
a937aeb553eafa2900fc5cffb16bda111d2fb802b2ab035727f20b0445ac1c34908b7b2352e77708f4b2bef5b5a21619c6f4cf45e89d27b00d8e8400c8f37aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe

Filesize
184KB

MD5
ef5b93e1a27e808f09b283fec622a779

SHA1
bb99f8d4f72cfdc844a5999d540c73a431d50424

SHA256
98d5342ab592cf55280ff3272a6076ced0266958bd0ce9329fd00aaf09b873cb

SHA512
2d7556709676ba88a3a1e9bb538310165408762b71397306c23cf1b0758c009101ce9e7ed3617efb99d61318b185f3c4b0dccc93a1ee193829215c1e13ba0d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe

Filesize
184KB

MD5
a2bd130462130dc02124ad42e0340114

SHA1
b83087e56432ba10f6f2657dfc5009887b406ae2

SHA256
a50bd7411c175a515f83c98167645aaa483066e373c7646c1b4950762a10d8e3

SHA512
6268bbf77f458e642175bd263e2e8cd20e05793ec71ac7c0765364866d076ea73dac75c0ff0983368e9e7993356443396b4a3e9c432b87bbda5b5bf053f61be0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe

Filesize
184KB

MD5
3d5b777ee897bc7c7c8592f7a4b26049

SHA1
3297b6a5796ccb449e286928a9e5c5de9c969dff

SHA256
dd5341382ab0bd1b9e749a199b51bb5c28dd165bdf22390606727d14cb118c89

SHA512
b74e9477fbe5de7fcfe1b0deb1f0a8c7a8cd7eb490c94a612f87dd8ac6a6f557e140d43f90ac9b6c1ab5be3c8f63e07e3319c14722b7b9f09dae9aa1690b2b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe

Filesize
184KB

MD5
d7fff1e0408e4454de3ceb5efc3a46c3

SHA1
8cb3ee849d723b2ed592c8da1502ed78a84383a8

SHA256
8740145c532df165e036b555872a3ef9f72020f02b0305588c1d84e0c67b6a35

SHA512
a9c735b15228a46b8b1196035ceb072d671d4f20e2c91ab1f5808abb9ea62eb1a4c9b959dba4ce6c89ad3562fe27ea1e1cbe51e968b546c828d71528c3c59300

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe

Filesize
184KB

MD5
808fd420e52782cf60cb7057d2f40d9b

SHA1
79c00520b04f4e4bb24dfd6ed7b193eccf10ac2c

SHA256
38798a30baedec811a0e3196d5d4b04ebd878de16d6fe2673203de3327f70321

SHA512
d16e91ded43af963be7f2905b8ef9a0fb3a1c07d0660c8e9485d693aad16e773192e562b2f017db93540fbd1b608cbeae54270234a6f91b1ff75387ce8c8962c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe

Filesize
184KB

MD5
ad6e9fbffe7d9df11c58b458f088965b

SHA1
01ed9ee6ed6b99dd09dafea6bd6054d41f82832f

SHA256
d861a12ca1f1f93e685ae2dbcf74c2fd05d373f6fd2733c79ad0ecbad73bb3d2

SHA512
5ad985623d00a2347f6ab0b14d281d34da700d102c9e882e2445337d793f866d8a87775df79bb7c0b65777ff02a309e2355ecc33da7d6a192eed9189a962f973

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe

Filesize
184KB

MD5
9843d91a1bd3d25b0fef50933f38c032

SHA1
02f9bc40f95af927669a8d87b00bff01ca23e0d1

SHA256
c402138c8628ce65ae610dfce6d200b44d09a1649f44b219e4cd2c9eedacacb6

SHA512
9cbbb898ccd3b7650c3c93074a7219fcf2973175a4090f7b38fa270b53b2072c6e7d6f093c2e1457e35288c4af14f80d44ca32de142bd8477085f369073c9774

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe

Filesize
184KB

MD5
b753907b701e84c451f54daa1477ff23

SHA1
03393f10365ad28430fd8e411ead2b30c1acd985

SHA256
35e7c969efe3a4efd1e1fb46eac92abe180257a3792876b9a10cc0fb1bfcbce5

SHA512
f1281c51fb45332840d4093708a16bddc2461e5ea519d3a3cceaf259faa5f910d8b774cfb939c54161f2b2c11d351c6e333db3dee2c634783e0d81fd41350b7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe

Filesize
184KB

MD5
0465f04be518bf8f15aed2e417d59ada

SHA1
29f5b5f7a39158fc9198b63527adc18a2469a23b

SHA256
03beecf79532f818e5484bea9e5c5cfb8e009d504d27bf4c2661b55ab52863c0

SHA512
0a2cf0d564008943e328c2bef2aea6497789e7cacb21890cfc54388fa78d76a38542536e89434d655e60a7d9c28f9017cbc41e133fdd6d348aa6ace517f9f714

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe

Filesize
184KB

MD5
aa5f86e9893777542aff4d0ec1f0dd0d

SHA1
afa61e6a23b87d121f0e3a8a4221c9f4a8aa64ac

SHA256
93e18a9ec42483fc45c89422c7126ab287da3aaa464110e9e826952b1565c33f

SHA512
d262304637ce05a055bed4c3a233d78ff94c73385843e9b57830744b44ce4ad6a946d89133df7c7e46ab5e3d42417003151731301a2da4b57c6cc858d2c2f382

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe

Filesize
184KB

MD5
22ff3853220771a54f79ee794fe70b59

SHA1
c46141a55820ee2c497180ffa50dc7354a757ab1

SHA256
16410f2af45215a3e25f3202a73501034b1ccdc47baf68a8e8b454eacbb86ba4

SHA512
beb3b6a5c1b85b799880a5c77eda444c062b34cb604da8f407553dc017ffa079efb935b5721e88e18e383ffb27fb56918db587cbbd98fc0c5e1ab0c8f818b2eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe

Filesize
184KB

MD5
f0628c7ff9e2791dc6e1720548f4a50b

SHA1
f078ae5f0719a401acd090f24c9773e484e8abc5

SHA256
c3fe294e127dec8085561666271efdd7354a2ff4bd8ac1e31e55b4ae87de83c8

SHA512
1c40156160dbd736cebd00b252ed28e77f97d6536a381a4da7f033af60623b9c312eb704ae7039f62d84daeebeb305d644532afd09525ca6f88eb2ea659edc30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe

Filesize
184KB

MD5
2dbb3f76bc2e985d5a8d5d85dec96a69

SHA1
a69704e4c6c5f958b57249c65d9ba447f4e3636b

SHA256
81c37cf0fb65f19acbcf6abbbfbca36412aa42d4820d3ce9e16b7c52f94e2a54

SHA512
36126c953cc7016f14b52da3fcb538616adb011382745296859810766758607f06050f26f2094fd8e263e7368c9d41ab8b9f2caa23fb8d6e2083a0dd26313a15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe

Filesize
184KB

MD5
54520fc671b404d19446ef4fe1ed315d

SHA1
e6559970ded901d8578caaad7b6cb831f3a7b836

SHA256
cc457955a127fdd9fa635a25fd9465369cfa0baae99552ad756e61f59dc46b60

SHA512
70ea88b6530c813d18f02372b331f9853792c5ee9ceb920c04edeac99581ddb5735b1e6dcd091bc31d92c872020caa8f2dfc964ca041ca2e77afac0127b159db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe

Filesize
184KB

MD5
50be01a6ba2dd4bee119602566486c17

SHA1
bd530edb932fce6e437fc96b26a27a19ff7cb26e

SHA256
9ae9c5a7d40d76c7f60aa86d10d916ba53875d5669eeda01bf9d99f655d12e93

SHA512
a87a883091085bde159192f14cd95524bac6c6620c19b35098d3b651be2cd33a53acc68955a56cfb7d3d484ffc3a2e44737d7afabd5b699e77589187e7eacc4b

Download Submit