d2aeb49941e6d2c5050d7dfc3362bc2dc7b2a33c6b79866676de63660aca550a

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 19:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d699f69c8fac1b50f2e0d4c6f4b8c50_NeikiAnalytics.exe
Size

184KB
MD5

0d699f69c8fac1b50f2e0d4c6f4b8c50
SHA1

34b573521f4bf52207119cda0b794965defd9534
SHA256

d2aeb49941e6d2c5050d7dfc3362bc2dc7b2a33c6b79866676de63660aca550a
SHA512

1ca869631669d24eb67ab94d0006f5f605139eeb37d59004566cce1184455fbba5d36fa9529f4db2a251da41a9869fc0bb7c7fe1e79e1f2caf9d1fdbb3607e0e
SSDEEP

3072:ZV2pysoj70OJd3KWes5LRK3xhlnniF7n3:ZVOoBH3KWLY3xhlnniF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 39 IoCs

pid	Process
944	Unicorn-52184.exe
4936	Unicorn-15017.exe
4780	Unicorn-29962.exe
3144	Unicorn-5671.exe
1368	Unicorn-56159.exe
2128	Unicorn-49382.exe
4168	Unicorn-34006.exe
3700	Unicorn-34560.exe
3588	Unicorn-5225.exe
3396	Unicorn-38666.exe
2548	Unicorn-22884.exe
4456	Unicorn-45848.exe
3476	Unicorn-7508.exe
1460	Unicorn-19014.exe
2244	Unicorn-20336.exe
2268	Unicorn-60622.exe
4616	Unicorn-26366.exe
840	Unicorn-41908.exe
1008	Unicorn-10627.exe
3952	Unicorn-56299.exe
2820	Unicorn-46808.exe
4772	Unicorn-43108.exe
4936	Unicorn-34124.exe
4756	Unicorn-45822.exe
2748	Unicorn-12957.exe
568	Unicorn-64104.exe
4908	Unicorn-40154.exe
2784	Unicorn-9833.exe
624	Unicorn-11971.exe
2236	Unicorn-20680.exe
3416	Unicorn-814.exe
3048	Unicorn-43793.exe
2664	Unicorn-47685.exe
660	Unicorn-5282.exe
3752	Unicorn-35454.exe
4404	Unicorn-35454.exe
4420	Unicorn-64042.exe
1364	Unicorn-31924.exe
1652	Unicorn-18350.exe

Program crash 54 IoCs

pid	pid_target	Process	procid_target
4560	4000	WerFault.exe	90
2772	944	WerFault.exe	91
772	4936	WerFault.exe	92
976	4780	WerFault.exe	93
2392	3700	WerFault.exe	108
5044	3144	WerFault.exe	101
416	1368	WerFault.exe	102
3056	2128	WerFault.exe	103
3248	4168	WerFault.exe	107
1012	3588	WerFault.exe	109
4836	2548	WerFault.exe	111
4184	3396	WerFault.exe	110
3248	4456	WerFault.exe	118
2960	3476	WerFault.exe	119
2772	1460	WerFault.exe	122
2252	2268	WerFault.exe	124
5000	3952	WerFault.exe	134
5176	4772	WerFault.exe	136
5992	3416	WerFault.exe	153
3940	4420	WerFault.exe	160
5272	2060	WerFault.exe	162
6032	3700	WerFault.exe	177
4312	392	WerFault.exe	188
3056	1364	WerFault.exe	163
6096	3048	WerFault.exe	154
548	5860	WerFault.exe	226
4988	688	WerFault.exe	237
5692	5768	WerFault.exe	225
1800	5424	WerFault.exe	252
1476	6136	WerFault.exe	299
2756	3328	WerFault.exe	288
1444	5648	WerFault.exe	324
404	6072	WerFault.exe	346
1208	5352	WerFault.exe	360
3952	4576	WerFault.exe	403
3128	6112	WerFault.exe	415
624	5044	WerFault.exe	398
3708	3540	WerFault.exe	548
6116	1356	WerFault.exe	514
4356	4940	WerFault.exe	515
64	5728	WerFault.exe	567
1824	5440	WerFault.exe	580
3704	5764	WerFault.exe	593
4168	4416	WerFault.exe	597
4672	4372	WerFault.exe	675
4052	1688	WerFault.exe	644
5508	688	WerFault.exe	683
4404	5972	WerFault.exe	672
2212	5756	WerFault.exe	712
5148	5820	WerFault.exe	699
5188	5532	WerFault.exe	746
4780	5992	WerFault.exe	750
4712	5212	WerFault.exe	803
5836	5468	WerFault.exe	801

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
4000	0d699f69c8fac1b50f2e0d4c6f4b8c50_NeikiAnalytics.exe
944	Unicorn-52184.exe
4936	Unicorn-15017.exe
4780	Unicorn-29962.exe
3144	Unicorn-5671.exe
1368	Unicorn-56159.exe
2128	Unicorn-49382.exe
4168	Unicorn-34006.exe
3700	Unicorn-34560.exe
3588	Unicorn-5225.exe
3396	Unicorn-38666.exe
2548	Unicorn-22884.exe
4456	Unicorn-45848.exe
3476	Unicorn-7508.exe
1460	Unicorn-19014.exe
2244	Unicorn-20336.exe
2268	Unicorn-60622.exe
4616	Unicorn-26366.exe
840	Unicorn-41908.exe
1008	Unicorn-10627.exe
3952	Unicorn-56299.exe
2820	Unicorn-46808.exe
4772	Unicorn-43108.exe
4936	Unicorn-34124.exe
568	Unicorn-64104.exe
4756	Unicorn-45822.exe
4908	Unicorn-40154.exe
2748	Unicorn-12957.exe
2784	Unicorn-9833.exe
624	Unicorn-11971.exe
3416	Unicorn-814.exe
2236	Unicorn-20680.exe
3048	Unicorn-43793.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 944	4000	0d699f69c8fac1b50f2e0d4c6f4b8c50_NeikiAnalytics.exe	91
PID 4000 wrote to memory of 944	4000	0d699f69c8fac1b50f2e0d4c6f4b8c50_NeikiAnalytics.exe	91
PID 4000 wrote to memory of 944	4000	0d699f69c8fac1b50f2e0d4c6f4b8c50_NeikiAnalytics.exe	91
PID 944 wrote to memory of 4936	944	Unicorn-52184.exe	92
PID 944 wrote to memory of 4936	944	Unicorn-52184.exe	92
PID 944 wrote to memory of 4936	944	Unicorn-52184.exe	92
PID 4000 wrote to memory of 4780	4000	0d699f69c8fac1b50f2e0d4c6f4b8c50_NeikiAnalytics.exe	93
PID 4000 wrote to memory of 4780	4000	0d699f69c8fac1b50f2e0d4c6f4b8c50_NeikiAnalytics.exe	93
PID 4000 wrote to memory of 4780	4000	0d699f69c8fac1b50f2e0d4c6f4b8c50_NeikiAnalytics.exe	93
PID 4936 wrote to memory of 3144	4936	Unicorn-15017.exe	101
PID 4936 wrote to memory of 3144	4936	Unicorn-15017.exe	101
PID 4936 wrote to memory of 3144	4936	Unicorn-15017.exe	101
PID 944 wrote to memory of 1368	944	Unicorn-52184.exe	102
PID 944 wrote to memory of 1368	944	Unicorn-52184.exe	102
PID 944 wrote to memory of 1368	944	Unicorn-52184.exe	102
PID 4780 wrote to memory of 2128	4780	Unicorn-29962.exe	103
PID 4780 wrote to memory of 2128	4780	Unicorn-29962.exe	103
PID 4780 wrote to memory of 2128	4780	Unicorn-29962.exe	103
PID 3144 wrote to memory of 4168	3144	Unicorn-5671.exe	107
PID 3144 wrote to memory of 4168	3144	Unicorn-5671.exe	107
PID 3144 wrote to memory of 4168	3144	Unicorn-5671.exe	107
PID 4936 wrote to memory of 3700	4936	Unicorn-15017.exe	108
PID 4936 wrote to memory of 3700	4936	Unicorn-15017.exe	108
PID 4936 wrote to memory of 3700	4936	Unicorn-15017.exe	108
PID 1368 wrote to memory of 3588	1368	Unicorn-56159.exe	109
PID 1368 wrote to memory of 3588	1368	Unicorn-56159.exe	109
PID 1368 wrote to memory of 3588	1368	Unicorn-56159.exe	109
PID 2128 wrote to memory of 3396	2128	Unicorn-49382.exe	110
PID 2128 wrote to memory of 3396	2128	Unicorn-49382.exe	110
PID 2128 wrote to memory of 3396	2128	Unicorn-49382.exe	110
PID 4780 wrote to memory of 2548	4780	Unicorn-29962.exe	111
PID 4780 wrote to memory of 2548	4780	Unicorn-29962.exe	111
PID 4780 wrote to memory of 2548	4780	Unicorn-29962.exe	111
PID 4168 wrote to memory of 4456	4168	Unicorn-34006.exe	118
PID 4168 wrote to memory of 4456	4168	Unicorn-34006.exe	118
PID 4168 wrote to memory of 4456	4168	Unicorn-34006.exe	118
PID 3144 wrote to memory of 3476	3144	Unicorn-5671.exe	119
PID 3144 wrote to memory of 3476	3144	Unicorn-5671.exe	119
PID 3144 wrote to memory of 3476	3144	Unicorn-5671.exe	119
PID 3588 wrote to memory of 1460	3588	Unicorn-5225.exe	122
PID 3588 wrote to memory of 1460	3588	Unicorn-5225.exe	122
PID 3588 wrote to memory of 1460	3588	Unicorn-5225.exe	122
PID 1368 wrote to memory of 2244	1368	Unicorn-56159.exe	123
PID 1368 wrote to memory of 2244	1368	Unicorn-56159.exe	123
PID 1368 wrote to memory of 2244	1368	Unicorn-56159.exe	123
PID 3396 wrote to memory of 2268	3396	Unicorn-38666.exe	124
PID 3396 wrote to memory of 2268	3396	Unicorn-38666.exe	124
PID 3396 wrote to memory of 2268	3396	Unicorn-38666.exe	124
PID 2128 wrote to memory of 4616	2128	Unicorn-49382.exe	125
PID 2128 wrote to memory of 4616	2128	Unicorn-49382.exe	125
PID 2128 wrote to memory of 4616	2128	Unicorn-49382.exe	125
PID 2548 wrote to memory of 840	2548	Unicorn-22884.exe	132
PID 2548 wrote to memory of 840	2548	Unicorn-22884.exe	132
PID 2548 wrote to memory of 840	2548	Unicorn-22884.exe	132
PID 3476 wrote to memory of 1008	3476	Unicorn-7508.exe	133
PID 3476 wrote to memory of 1008	3476	Unicorn-7508.exe	133
PID 3476 wrote to memory of 1008	3476	Unicorn-7508.exe	133
PID 4168 wrote to memory of 3952	4168	Unicorn-34006.exe	134
PID 4168 wrote to memory of 3952	4168	Unicorn-34006.exe	134
PID 4168 wrote to memory of 3952	4168	Unicorn-34006.exe	134
PID 4456 wrote to memory of 2820	4456	Unicorn-45848.exe	135
PID 4456 wrote to memory of 2820	4456	Unicorn-45848.exe	135
PID 4456 wrote to memory of 2820	4456	Unicorn-45848.exe	135
PID 1460 wrote to memory of 4772	1460	Unicorn-19014.exe	136

C:\Users\Admin\AppData\Local\Temp\0d699f69c8fac1b50f2e0d4c6f4b8c50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0d699f69c8fac1b50f2e0d4c6f4b8c50_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        10⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        11⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        12⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
        13⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        14⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        15⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        16⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 720
        14⤵
        Program crash
        
        PID:624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 712
        9⤵
        Program crash
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        11⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        12⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        13⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        14⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
        15⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 492
        16⤵
        Program crash
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 764
        8⤵
        Program crash
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 724
        7⤵
        Program crash
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-617.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25288.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        10⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        11⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        12⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        13⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        14⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        15⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        16⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        17⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        18⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        18⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        19⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        20⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
        21⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        22⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22261.exe
        23⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
        24⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 656
        7⤵
        Program crash
        
        PID:5000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 764
        6⤵
        Program crash
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        10⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26570.exe
        11⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        12⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49577.exe
        13⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        14⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        15⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        16⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        10⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        11⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        12⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        13⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5332.exe
        14⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        15⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        16⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
        17⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        18⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        19⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        20⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
        21⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
        22⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
        23⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        24⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 636
        21⤵
        Program crash
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 660
        17⤵
        Program crash
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        9⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
        12⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
        13⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        14⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
        15⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        16⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        17⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        18⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        19⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
        20⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe
        21⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        22⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
        23⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        24⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 728
        22⤵
        Program crash
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27644.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        11⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        12⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        13⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        14⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        15⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
        16⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
        17⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        18⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 636
        13⤵
        Program crash
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 740
        7⤵
        Program crash
        
        PID:5992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 744
        6⤵
        Program crash
        
        PID:2960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 748
        5⤵
        Program crash
        
        PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34560.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 720
        5⤵
        Program crash
        
        PID:2392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 748
      4⤵
      Program crash
      PID:772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe
        9⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2667.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
        12⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
        13⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        14⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        15⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
        16⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        17⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        18⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
        19⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        20⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe
        21⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        22⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26537.exe
        23⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62437.exe
        24⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        8⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        11⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
        12⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21347.exe
        13⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        14⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17751.exe
        15⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        16⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        17⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        18⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        19⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        20⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        21⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
        22⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53973.exe
        23⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        24⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        19⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        20⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        21⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        22⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        23⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 720
        18⤵
        Program crash
        
        PID:3704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 744
        13⤵
        Program crash
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 744
        7⤵
        Program crash
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        6⤵
        Executes dropped EXE
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        8⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 632
        9⤵
        Program crash
        
        PID:548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 712
        6⤵
        Program crash
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        6⤵
        Executes dropped EXE
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25288.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14317.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        10⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        11⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
        12⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21861.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        14⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        15⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        16⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        17⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        18⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        19⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        20⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56713.exe
        21⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
        22⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46485.exe
        23⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 728
        18⤵
        Program crash
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 636
        16⤵
        Program crash
        
        PID:64
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 720
        5⤵
        Program crash
        
        PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
        6⤵
        Executes dropped EXE
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        11⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 724
        7⤵
        Program crash
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        5⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        11⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
        12⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        13⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        14⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        15⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        16⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4336.exe
        17⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
        18⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        19⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        20⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        21⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        22⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 656
        18⤵
        Program crash
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        17⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        18⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        19⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        20⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
        21⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37042.exe
        8⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        10⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        11⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        12⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        14⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        15⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
        16⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        17⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        18⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
        19⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe
        20⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        21⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 752
        17⤵
        Program crash
        
        PID:5148
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 748
      4⤵
      Program crash
      PID:416
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 756
    3⤵
    - Program crash
    PID:2772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
        8⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25174.exe
        11⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        12⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        13⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        14⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        15⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        16⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        17⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
        18⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        19⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        20⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
        21⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        22⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
        23⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        24⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 744
        8⤵
        Program crash
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        6⤵
        Executes dropped EXE
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38910.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6751.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        10⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
        11⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        12⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55991.exe
        13⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        14⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        15⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        16⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60039.exe
        17⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        18⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        19⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        20⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        21⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56713.exe
        22⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        23⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 676
        20⤵
        Program crash
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 664
        18⤵
        Program crash
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 624
        10⤵
        Program crash
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        10⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
        11⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        12⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58591.exe
        13⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
        14⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        15⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        16⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        17⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        18⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53869.exe
        19⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
        20⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        21⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        22⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        23⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 740
        7⤵
        Program crash
        
        PID:3056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 752
        6⤵
        Program crash
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        6⤵
        Executes dropped EXE
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        11⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        12⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        13⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48477.exe
        14⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
        15⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        16⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        17⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        18⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        19⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        20⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
        21⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        22⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        23⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 636
        20⤵
        Program crash
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 652
        9⤵
        Program crash
        
        PID:5692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 744
        5⤵
        Program crash
        
        PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26366.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        6⤵
        Executes dropped EXE
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        7⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        10⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        11⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        12⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        13⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48477.exe
        14⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        15⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60039.exe
        16⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        17⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        18⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
        19⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        20⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        21⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        22⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26065.exe
        23⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 708
        18⤵
        Program crash
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 644
        10⤵
        Program crash
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 724
        8⤵
        Program crash
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        10⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        11⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
        12⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        13⤵
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        14⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        15⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44601.exe
        16⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        17⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        18⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        19⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        20⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
        21⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        22⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 624
        20⤵
        Program crash
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        5⤵
        Executes dropped EXE
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        11⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        12⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        12⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
        13⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        14⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        15⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46931.exe
        16⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        17⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        18⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        19⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21301.exe
        20⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        21⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        22⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        16⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        17⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
        18⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
        19⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        20⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        21⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 664
        10⤵
        Program crash
        
        PID:1208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 652
        9⤵
        Program crash
        
        PID:1444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 748
      4⤵
      Program crash
      PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22884.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        6⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
        10⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        11⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        12⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
        13⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32141.exe
        14⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
        15⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        16⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11544.exe
        17⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        18⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        19⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
        20⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        21⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32759.exe
        22⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        23⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 740
        11⤵
        Program crash
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7778.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
        10⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        11⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        12⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        13⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
        14⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        15⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        16⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        17⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        18⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        19⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4580.exe
        20⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        21⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        22⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
        16⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
        17⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56199.exe
        18⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 648
        14⤵
        Program crash
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 656
        9⤵
        Program crash
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        10⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18057.exe
        11⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        12⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        13⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13796.exe
        14⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26791.exe
        15⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        16⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        17⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 636
        18⤵
        Program crash
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        17⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
        18⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
        19⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        20⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25681.exe
        21⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 664
        14⤵
        Program crash
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 660
        8⤵
        Program crash
        
        PID:4988
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 636
      4⤵
      Program crash
      PID:4836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 728
    3⤵
    - Program crash
    PID:976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 740
  2⤵
  - Program crash
  PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4000 -ip 4000
1⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 944 -ip 944
1⤵
PID:708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4936 -ip 4936
1⤵
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4780 -ip 4780
1⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3700 -ip 3700
1⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3144 -ip 3144
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1368 -ip 1368
1⤵
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2128 -ip 2128
1⤵
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4168 -ip 4168
1⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2548 -ip 2548
1⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3588 -ip 3588
1⤵
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3396 -ip 3396
1⤵
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4456 -ip 4456
1⤵
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3476 -ip 3476
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2268 -ip 2268
1⤵
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1460 -ip 1460
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2820 -ip 2820
1⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4616 -ip 4616
1⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1008 -ip 1008
1⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 840 -ip 840
1⤵
PID:1248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2244 -ip 2244
1⤵
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3952 -ip 3952
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4772 -ip 4772
1⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4936 -ip 4936
1⤵
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4908 -ip 4908
1⤵
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 568 -ip 568
1⤵
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2748 -ip 2748
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4756 -ip 4756
1⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3416 -ip 3416
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4420 -ip 4420
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2060 -ip 2060
1⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3752 -ip 3752
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2664 -ip 2664
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1652 -ip 1652
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4500 -ip 4500
1⤵
PID:748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4168 -ip 4168
1⤵
PID:464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2784 -ip 2784
1⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1944 -ip 1944
1⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3828 -ip 3828
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3700 -ip 3700
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 624 -ip 624
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3236 -ip 3236
1⤵
PID:1460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4584 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2236 -ip 2236
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4428 -ip 4428
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4812 -ip 4812
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3380 -ip 3380
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2308 -ip 2308
1⤵
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2648 -ip 2648
1⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4212 -ip 4212
1⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1208 -ip 1208
1⤵
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2096 -ip 2096
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2820 -ip 2820
1⤵
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4748 -ip 4748
1⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 660 -ip 660
1⤵
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3048 -ip 3048
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 392 -ip 392
1⤵
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1364 -ip 1364
1⤵
PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5256 -ip 5256
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4392 -ip 4392
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5860 -ip 5860
1⤵
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1676 -ip 1676
1⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5156 -ip 5156
1⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5168 -ip 5168
1⤵
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4404 -ip 4404
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5084 -ip 5084
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5760 -ip 5760
1⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5324 -ip 5324
1⤵
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5688 -ip 5688
1⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5588 -ip 5588
1⤵
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5364 -ip 5364
1⤵
PID:1356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5192 -ip 5192
1⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5408 -ip 5408
1⤵
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5380 -ip 5380
1⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5312 -ip 5312
1⤵
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5332 -ip 5332
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5936 -ip 5936
1⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5912 -ip 5912
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5464 -ip 5464
1⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5488 -ip 5488
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5960 -ip 5960
1⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5556 -ip 5556
1⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5620 -ip 5620
1⤵
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5680 -ip 5680
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5344 -ip 5344
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5424 -ip 5424
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5768 -ip 5768
1⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 688 -ip 688
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5904 -ip 5904
1⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5544 -ip 5544
1⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5524 -ip 5524
1⤵
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5284 -ip 5284
1⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5944 -ip 5944
1⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5604 -ip 5604
1⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5576 -ip 5576
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5652 -ip 5652
1⤵
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4936 -ip 4936
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5888 -ip 5888
1⤵
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5596 -ip 5596
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4068 -ip 4068
1⤵
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5880 -ip 5880
1⤵
PID:392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5600 -ip 5600
1⤵
PID:1356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5616 -ip 5616
1⤵
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4456 -ip 4456
1⤵
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5924 -ip 5924
1⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5452 -ip 5452
1⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5356 -ip 5356
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6136 -ip 6136
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6004 -ip 6004
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1016 -ip 1016
1⤵
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3328 -ip 3328
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5208 -ip 5208
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4520 -ip 4520
1⤵
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4048 -ip 4048
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3700 -ip 3700
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5648 -ip 5648
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1376 -ip 1376
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5868 -ip 5868
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5372 -ip 5372
1⤵
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5288 -ip 5288
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2308 -ip 2308
1⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 940 -ip 940
1⤵
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4780 -ip 4780
1⤵
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4036 -ip 4036
1⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3688 -ip 3688
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2620 -ip 2620
1⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3396 -ip 3396
1⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5088 -ip 5088
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4412 -ip 4412
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5124 -ip 5124
1⤵
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2936 -ip 2936
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1020 -ip 1020
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5260 -ip 5260
1⤵
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5476 -ip 5476
1⤵
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4636 -ip 4636
1⤵
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6072 -ip 6072
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3948 -ip 3948
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3940 -ip 3940
1⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3968 -ip 3968
1⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5352 -ip 5352
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2340 -ip 2340
1⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5336 -ip 5336
1⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5968 -ip 5968
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5268 -ip 5268
1⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 1944 -ip 1944
1⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3476 -ip 3476
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 752 -ip 752
1⤵
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1248 -ip 1248
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 4576 -ip 4576
1⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1964 -ip 1964
1⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5812 -ip 5812
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3504 -ip 3504
1⤵
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5500 -ip 5500
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5188 -ip 5188
1⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4816 -ip 4816
1⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2548 -ip 2548
1⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5324 -ip 5324
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3424 -ip 3424
1⤵
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5704 -ip 5704
1⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5020 -ip 5020
1⤵
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2032 -ip 2032
1⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1664 -ip 1664
1⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5696 -ip 5696
1⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 228 -ip 228
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6112 -ip 6112
1⤵
PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1688 -ip 1688
1⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5944 -ip 5944
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3056 -ip 3056
1⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5604 -ip 5604
1⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1628 -ip 1628
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1632 -ip 1632
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5744 -ip 5744
1⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5412 -ip 5412
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5356 -ip 5356
1⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5764 -ip 5764
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5276 -ip 5276
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4964 -ip 4964
1⤵
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5788 -ip 5788
1⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1676 -ip 1676
1⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5884 -ip 5884
1⤵
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5460 -ip 5460
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5480 -ip 5480
1⤵
PID:412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5044 -ip 5044
1⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 3888 -ip 3888
1⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4256 -ip 4256
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4404 -ip 4404
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1216 -ip 1216
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4068 -ip 4068
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2096 -ip 2096
1⤵
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3924 -ip 3924
1⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 2416 -ip 2416
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5172 -ip 5172
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4456 -ip 4456
1⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5972 -ip 5972
1⤵
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2876 -ip 2876
1⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5664 -ip 5664
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5332 -ip 5332
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5584 -ip 5584
1⤵
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5180 -ip 5180
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5524 -ip 5524
1⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5396 -ip 5396
1⤵
PID:748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5808 -ip 5808
1⤵
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2248 -ip 2248
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 2324 -ip 2324
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2748 -ip 2748
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2308 -ip 2308
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4836 -ip 4836
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 3540 -ip 3540
1⤵
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4312 -ip 4312
1⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5548 -ip 5548
1⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1356 -ip 1356
1⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5376 -ip 5376
1⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 4588 -ip 4588
1⤵
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 1460 -ip 1460
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6096 -ip 6096
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5632 -ip 5632
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 416 -ip 416
1⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4372 -ip 4372
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4480 -ip 4480
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4784 -ip 4784
1⤵
PID:208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4496 -ip 4496
1⤵
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5304 -ip 5304
1⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1012 -ip 1012
1⤵
PID:1824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 4940 -ip 4940
1⤵
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 836 -ip 836
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5504 -ip 5504
1⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3968 -ip 3968
1⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5896 -ip 5896
1⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5256 -ip 5256
1⤵
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5488 -ip 5488
1⤵
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5976 -ip 5976
1⤵
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4296 -ip 4296
1⤵
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6060 -ip 6060
1⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5364 -ip 5364
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 6100 -ip 6100
1⤵
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2784 -ip 2784
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4136 -ip 4136
1⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 3860 -ip 3860
1⤵
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5268 -ip 5268
1⤵
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5812 -ip 5812
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 220 -ip 220
1⤵
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 60 -ip 60
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5744 -ip 5744
1⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6036 -ip 6036
1⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5728 -ip 5728
1⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5444 -ip 5444
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5920 -ip 5920
1⤵
PID:752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 1944 -ip 1944
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5276 -ip 5276
1⤵
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1468 -ip 1468
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5440 -ip 5440
1⤵
PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 2000 -ip 2000
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 976 -ip 976
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5024 -ip 5024
1⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5356 -ip 5356
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5764 -ip 5764
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1756 -ip 1756
1⤵
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5568 -ip 5568
1⤵
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5992 -ip 5992
1⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3088 -ip 3088
1⤵
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5912 -ip 5912
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4088 -ip 4088
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4416 -ip 4416
1⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2112 -ip 2112
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4800 -ip 4800
1⤵
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1016 -ip 1016
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5196 -ip 5196
1⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2368 -ip 2368
1⤵
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 404 -ip 404
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6020 -ip 6020
1⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5020 -ip 5020
1⤵
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5184 -ip 5184
1⤵
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4372 -ip 4372
1⤵
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2168 -ip 2168
1⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 1688 -ip 1688
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3608 -ip 3608
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 568 -ip 568
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3888 -ip 3888
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5328 -ip 5328
1⤵
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5608 -ip 5608
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5280 -ip 5280
1⤵
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 772 -ip 772
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 208 -ip 208
1⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6048 -ip 6048
1⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5572 -ip 5572
1⤵
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6108 -ip 6108
1⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5836 -ip 5836
1⤵
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5972 -ip 5972
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 688 -ip 688
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5664 -ip 5664
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2916 -ip 2916
1⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5540 -ip 5540
1⤵
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5140 -ip 5140
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 4900 -ip 4900
1⤵
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5868 -ip 5868
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5464 -ip 5464
1⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 836 -ip 836
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6080 -ip 6080
1⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4772 -ip 4772
1⤵
PID:184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6016 -ip 6016
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5756 -ip 5756
1⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2328 -ip 2328
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 220 -ip 220
1⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5820 -ip 5820
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5488 -ip 5488
1⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6060 -ip 6060
1⤵
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 464 -ip 464
1⤵
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3240 -ip 3240
1⤵
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4316 -ip 4316
1⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5720 -ip 5720
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 3236 -ip 3236
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4588 -ip 4588
1⤵
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 3180 -ip 3180
1⤵
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 3844 -ip 3844
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5388 -ip 5388
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5276 -ip 5276
1⤵
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5252 -ip 5252
1⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 2620 -ip 2620
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2400 -ip 2400
1⤵
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 960 -ip 960
1⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4136 -ip 4136
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5604 -ip 5604
1⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5164 -ip 5164
1⤵
PID:748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 3700 -ip 3700
1⤵
PID:396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3952 -ip 3952
1⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3536 -ip 3536
1⤵
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5532 -ip 5532
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5632 -ip 5632
1⤵
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 1248 -ip 1248
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5712 -ip 5712
1⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 808 -ip 808
1⤵
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4904 -ip 4904
1⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5800 -ip 5800
1⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5992 -ip 5992
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 2340 -ip 2340
1⤵
PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3532 -ip 3532
1⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2816 -ip 2816
1⤵
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 2784 -ip 2784
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5088 -ip 5088
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5928 -ip 5928
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2416 -ip 2416
1⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5312 -ip 5312
1⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 3396 -ip 3396
1⤵
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5516 -ip 5516
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 1476 -ip 1476
1⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6132 -ip 6132
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5588 -ip 5588
1⤵
PID:1248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5384 -ip 5384
1⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5468 -ip 5468
1⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5212 -ip 5212
1⤵
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4168 -ip 4168
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5988 -ip 5988
1⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 4624 -ip 4624
1⤵
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5216 -ip 5216
1⤵
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4424 -ip 4424
1⤵
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5976 -ip 5976
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5236 -ip 5236
1⤵
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 404 -ip 404
1⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5860 -ip 5860
1⤵
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3972 -ip 3972
1⤵
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1824 -ip 1824
1⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4772 -ip 4772
1⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 3888 -ip 3888
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5652 -ip 5652
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1376 -ip 1376
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3812 -ip 3812
1⤵
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 3040 -ip 3040
1⤵
PID:64

Network

DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN A

Response

chromewebstore.googleapis.com

IN A

142.250.187.202

chromewebstore.googleapis.com

IN A

142.250.187.234

chromewebstore.googleapis.com

IN A

142.250.178.10

chromewebstore.googleapis.com

IN A

172.217.16.234

chromewebstore.googleapis.com

IN A

142.250.200.10

chromewebstore.googleapis.com

IN A

142.250.200.42

chromewebstore.googleapis.com

IN A

216.58.201.106

chromewebstore.googleapis.com

IN A

216.58.204.74

chromewebstore.googleapis.com

IN A

216.58.213.10

chromewebstore.googleapis.com

IN A

172.217.169.10

chromewebstore.googleapis.com

IN A

216.58.212.234

chromewebstore.googleapis.com

IN A

172.217.169.74

chromewebstore.googleapis.com

IN A

172.217.169.42

chromewebstore.googleapis.com

IN A

142.250.179.234

chromewebstore.googleapis.com

IN A

142.250.180.10
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN Unknown

Response
DNS

pki.goog

Remote address:

8.8.8.8:53

Request

pki.goog

IN A

Response

pki.goog

IN A

216.239.32.29
DNS

pki.goog

Remote address:

8.8.8.8:53

Request

pki.goog

IN Unknown

Response
GET

http://pki.goog/gsr1/gsr1.crt

Remote address:

216.239.32.29:80

Request

GET /gsr1/gsr1.crt HTTP/1.1
Host: pki.goog
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 797
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 25 May 2024 18:35:35 GMT
Expires: Sat, 25 May 2024 19:25:35 GMT
Cache-Control: public, max-age=3000
Age: 1635
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/repo/certs/gtsr1.der

Remote address:

216.239.32.29:80

Request

GET /repo/certs/gtsr1.der HTTP/1.1
Host: pki.goog
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1371
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 25 May 2024 18:42:32 GMT
Expires: Sat, 25 May 2024 19:32:32 GMT
Cache-Control: public, max-age=3000
Age: 1218
Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
GET

http://pki.goog/repo/certs/gts1c3.der

Remote address:

216.239.32.29:80

Request

GET /repo/certs/gts1c3.der HTTP/1.1
Host: pki.goog
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1304
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 25 May 2024 18:55:06 GMT
Expires: Sat, 25 May 2024 19:45:06 GMT
Cache-Control: public, max-age=3000
Age: 464
Last-Modified: Mon, 17 Aug 2020 09:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

29.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.32.239.216.in-addr.arpa

IN PTR

Response

29.32.239.216.in-addr.arpa

IN PTR

any-in-201d1e100net
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

41.173.79.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.173.79.40.in-addr.arpa

IN PTR

Response

142.250.187.202:443

chromewebstore.googleapis.com

tls

941 B
5.2kB
8
8
216.239.32.29:80

http://pki.goog/repo/certs/gts1c3.der

http

1.3kB
6.1kB
10
10

HTTP Request

GET http://pki.goog/gsr1/gsr1.crt

HTTP Response

200

HTTP Request

GET http://pki.goog/repo/certs/gtsr1.der

HTTP Response

200

HTTP Request

GET http://pki.goog/repo/certs/gts1c3.der

HTTP Response

200
13.107.246.64:443

46 B
40 B
1
1

8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
315 B
1
1

DNS Request

chromewebstore.googleapis.com

DNS Response

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10

216.58.212.234

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
132 B
1
1

DNS Request

chromewebstore.googleapis.com
8.8.8.8:53

pki.goog

dns

54 B
70 B
1
1

DNS Request

pki.goog

DNS Response

216.239.32.29
8.8.8.8:53

pki.goog

dns

54 B
128 B
1
1

DNS Request

pki.goog
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

29.32.239.216.in-addr.arpa

dns

72 B
107 B
1
1

DNS Request

29.32.239.216.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

41.173.79.40.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

41.173.79.40.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe

Filesize
184KB

MD5
08652c2b9a13ab30b75bc4e8a487f0b8

SHA1
283622f5a2b0e590a2de483cd826269ce52501d0

SHA256
8654877a4aa476139a43f9b7d03bdf825bb332beefe120a95b5a1fcc4d664e3e

SHA512
ccb19f97684ca4f307a6792bb00e12a2629ab198f9f407a5ad8c8fdcd2d2e12d715f3b1557d8a744ef2d6a33532c10881db6e0a42519312bf0c3a9c21dca54af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe

Filesize
184KB

MD5
642626e3cbbfe669a414296207a8fd4c

SHA1
33e3707026946fd1560d156a0269c4913834da4b

SHA256
57770a9517b97f662681d1df78c7258ad69c57961ad7c9e4d1e4612ae68663dc

SHA512
6d81c13dd564af766c45f903f1202e850b88c229f2d6b4d4ac2e836c960828a05d178c505bfc44b1e8307a0f87b1d27a471c79979b5267cbfd035b3eb9ee1a5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe

Filesize
184KB

MD5
ea5b41c03c3b920f2b63d061a202a5c2

SHA1
f33abe6270ff8e5701f58b9602da02d9382f45db

SHA256
0213960a0deb41974874b81f39b69b6c54bcea9af129c281ac66c50a75d130a0

SHA512
cc18a5bbd31778940afdb4fa025446c795b7764b7d26dbe8619bcba53d5eae9f76013d78ecd22bd7742a2dabf3395fe3c212c07ba1160e4959a55cd0f2cdea25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe

Filesize
184KB

MD5
d96becfa508438a9e8415227cdce2df5

SHA1
4cfa33a70359185562185c076cebe0b3e993277d

SHA256
ba466410373832931725dccaffdf1bcfce0ef0b731414f6224d7a04a468f26da

SHA512
9355e8d378a7fd23841257eb01cea53f38302af29555e7ab6d48a5f23bcf6289d24cee2f112a753133f3a778a634312e1eb2302466689344e681df86889a0b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe

Filesize
184KB

MD5
d3497c3a5bc95f3b7fd310c44af9d0ac

SHA1
aa954380dc31fd8104719c7dd86305650f1d1807

SHA256
18f69bd029e23d277f23bc0d8d937f7a05d6fc2d36d500ee87a05a4c11934a0a

SHA512
ab0dd1f322f169ad94d221760b676609c8e5584b45984bd8355c61147be9e3815e625774a0089c2690e9065ac7386ccb52e275623eca0153e42049d0fdc42070

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe

Filesize
184KB

MD5
af7579067d436be6f0f359d6c49e3851

SHA1
0b354903910f7330c420d224cb7b0a216dfe0393

SHA256
c44f7a87de20e2f28e56d8411aa06ffd98160bf08d20505bd23e11c3335acf5b

SHA512
00eef35ae4da8d21e0f3aacc494b5d7f62042c4664caf043bfa0d6d2304f24c41eb2c0e568c164be410ea22b5dc14a53596da45b47789221b1d1e40f75ed0a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe

Filesize
184KB

MD5
df93101713d6166b05a0d721401db920

SHA1
5b6fd420dd1cf6ae0fe84cf8450b7fa3f2928225

SHA256
5029837a5066cf70071bbc4a5cf3ed898929b59ef43d676dc6e965860426a837

SHA512
bd33bfcd606791662a839f3cc300742fab079316b113e00906291630c388aa8f14bcb785344a819f666a1341b9af53922ab75be0561a7357f889b9a516c1071d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe

Filesize
184KB

MD5
1a8b48274e22034f40c721d65734ea94

SHA1
094eb59ab9255bed33b0ffbb5e8e07bd64bd5e6d

SHA256
c103374ba4d6fcf3185ee3ed94e8bd781dc5a273844f1c8baba92db116ce2cfd

SHA512
690763d559f66269481f28807d47ef41f2c0a4c52359836d791d31a76590fcf724744a49688e678aa26ccbfb2e1aca66d8486926632e40cd640b42e71c83ae95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22884.exe

Filesize
184KB

MD5
101f2f96fb853d665cd8e87df52b0dd6

SHA1
76fce08eddf0fbb2012b7951231413b7c4f30de7

SHA256
0cca0df596aab335693597bb5df3d2b25fdf51a76986ef51cd83cca531f7f2ac

SHA512
5c149d3875b706dcdd48f58475b2c1904bc01730ab7b4a72a80f4ba8f7f83dd5650528e646df62aa10925aed78e50b4c4bbcadb6baa742a88de2394fb529f875

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26366.exe

Filesize
184KB

MD5
2f9b6aa694e9ca7df45b48bad89fa6a3

SHA1
faf6e23fcd5df207eab4d1f21960ff46084f00d6

SHA256
99e01470391bbf2bd3d3763dfed8fdb3a2225b91ed43abdb96bd4f5e7f27125f

SHA512
591481b0d3a29e796750d6f241e7280a7d02e12b9c2da5c1823c104c1adc4d2209e9933f5f0775115b6dab6eebf48b7727291c340055fd76cc0617656ebab8c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe

Filesize
184KB

MD5
bd9de2ea8d2d10ed328d8a27d523fb93

SHA1
c4c4bd18c6bac138353820c126371b20bd5eaee0

SHA256
5199773120da9d33099d0e1cfba230f6218f3a9d8712b4439b8472368bd93fa6

SHA512
d103d487569706ca70c0c5930c8e31628aa072a1d3343ac11783d6c86941580350357ff981fa86680362efc04c7bfc338018c7f07289590b764e943ff12a2299

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe

Filesize
184KB

MD5
7c731cc174d2495fbd73cc78a90ad383

SHA1
757abfbbc24273f16c94dfe691bb4d3a8cd9fd27

SHA256
f94e2e2320f4c8ce3d769d63a09c7d3f3790fc62046b7b1335c668dc45252b9f

SHA512
ee958a5bc555ed713415f791472345d329929628e21e19fdd374b670f3183f40f43885863800a4d8b3d78a991c4a510d9979a4bbc7abc931fe25791ac68f86f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe

Filesize
184KB

MD5
f8c8d639cc784daafc20c376cbb746e7

SHA1
483c2b4f68a7e6e49dc8bce393f1b12229e92331

SHA256
a2dbbda7abf072cb3f7be0f33aadf540ca97a3dc0038cfa3535185f6ce0374db

SHA512
96b8125416e409ea622a336e27be938af00c77a698939d0055fdfe3a0b1bca477480ab7a5e6695f2ab6ebb04a68cf2fb8df6212fbc3e8c5016835850f29285c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe

Filesize
184KB

MD5
df02d4865738ad93d2226d3de23267ee

SHA1
4258fd6ae07012e662a2a0468c6ae34c051cb9c6

SHA256
cca4616b410b97153c6aa9b95198ecc3fca1516157c6db410d1d0cf06ae4fdd2

SHA512
9d92183c843d3743fb2567265dc1dc55b9ccb9420d3346c56df3a30bf2b69cf9551d8453f43e045b23db42f340403a65e3442f1c645e6ef2c1295bebd3d6e162

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34560.exe

Filesize
184KB

MD5
56776061d5503c3fe77ca095f023d3a8

SHA1
c979f044f04f47f5ab1cbc35462ce94452acf021

SHA256
c244b629184a7e8c40af34f5455122266788fecf24c2e8029473ec7467139b17

SHA512
c32305198ec45b2241731b42c949be544d54b95d9fdc1b319f0650fff3580ec68b99e04bdb3a3637e71738d3e550a3e82f4c7fd800e2a77ff02f4b64f651c18a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe

Filesize
184KB

MD5
efa12949009c47b7c41d10d5af7d9d8a

SHA1
f0b24897e6ca2166d25b0d200fe92abbea29168b

SHA256
75d3587d59bae805dcd76ca974fe4e513d299306d9b1284c64b23503fd30dd11

SHA512
a65c9089cf193f5aee435e24408ea3cb90b4679392423aec8adf87094aeaf65b978fb6779cf72ba14040c55022f35a4e91a656ced8cf255ac82637df46ce7b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe

Filesize
184KB

MD5
104942faa4b0e3eb65237b3143d39191

SHA1
1e397fabe64703611c5fef0ddbd6622aae58a464

SHA256
b1d3ef7875c4e1cd3a71c567cf219243da5587e0ee1ea67b505687325f79d5eb

SHA512
77b18606d8a7fa7b217165864cd521c302cc203694c24ad7aa9a36584eda23ce5f52d6faf49a498f9f1c07676948546747acd94db31b7e7f8f98b38c36db25fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe

Filesize
184KB

MD5
2493e0fc5dcb57bb4d4f17c7e0fd9b5b

SHA1
9ae1fc2c3ceef8cde2fbd602f41188c1680c68ca

SHA256
88d9aae600736337119f994cde7172dc8196c4c2f4c11fc5e3a7a620d0f9b067

SHA512
8291a7b54ea8c44df6573cb396aa580d373e2c6875311d5e4a2da2bc14e75b71e34c28e71a15e97a50ebee0fed8749699a944ceb56331529c912d6dbd742d3b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe

Filesize
184KB

MD5
c64cbab00291c9382ba073e4fa46a7e7

SHA1
e3be8baff8ea1531938912d6c66157d51a098c24

SHA256
da5fcba6f98c57838e373aa81019f0556d2fdeb914f5fdb8ea6e40ae97557e09

SHA512
595bee729523317ab64fdbc447a9266adc074f2fc1a15e014a7cbfb41a604afcf5a46b4c62edc55e68bbdd6f23c52eec5dca46bc845253ef8d292f07448781de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe

Filesize
184KB

MD5
a0b29bb286873c089e1f404dbd61dbb9

SHA1
00bc369c4ca41304e62504cb02117774ace6aec4

SHA256
2c54ac9d0c16beb3991c755f44f3205870e644d4222b7d836e0023c3e7a04f03

SHA512
3d7c3a424c079cfa132509f86376eab22af2a013d492007b5254678238810c15493059a8a244d3fbbf7569ffeb63afc88566df3d757e657f51adb95ebb5689d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4580.exe

Filesize
184KB

MD5
c34d8a49697959ee7c431d3eccf33624

SHA1
a1ba3cefe5869e187ab30a2f56b912ad609a860b

SHA256
3675ba20d525ac31a3504f9d0af8df7c3e5d35eab6ee0c2d7eb4d67d3e3dc223

SHA512
c2dd9a09394d4057e9469200e8e0401ea187917db23cc56af0667aae44a24fb79fe491a15002a092f565fa4074b9ec2b1db057c2d943bae638f56d0ff95b2709

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe

Filesize
184KB

MD5
d84701a626625587e59b49124119c068

SHA1
2af3ab763a4b41dff9a3f3da2d744a9fbd0700b2

SHA256
656797890d2d11ccd5617349a829099c2cf70f24b84c40c581e27806615bf71c

SHA512
d69456318690e9f9ba3980bc8ba253e734ef9c1ab23be24cd7e571727838021856514c0ed22872e54317b33fd2f3cea4a10faf6200044d034a59fda777a1babb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe

Filesize
184KB

MD5
dbd0f318af099101689049a486545119

SHA1
2c321c68ac7775cac50a05b1e92c47e50f9018b8

SHA256
283ef87d192171bd8c82f28d1c109134369458f8d2c80b4ef3b799627aba7fe4

SHA512
8ad92d6f6b1a88f7b27d2f3ebb3dd8f50f1be218d5e2a39e25c6aa18cef13a1cfeddad214b44ff9a2592847b0fceee25fc9cb86b66a3707c8e1426fae7c5f90f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe

Filesize
184KB

MD5
85b3d630cd29f3dc40a10af98544ade4

SHA1
71c607e0206fe00335d8582e2472978ac089749c

SHA256
f3a7a3c36e3cd05e72719856406ad306418ccf66fcec7f47a1b33064837a8756

SHA512
935ba198f74a5e0611951f05f559732ca14a998861305687505d202a8b8d5711537234b780666d16a3acf515eb1da244c6f231fbf00910868de8d35790e412f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe

Filesize
184KB

MD5
6a05672808549239a33e0e9f53b77ec4

SHA1
d1189f25a9615ef99aeb9059b12bafe62bd31952

SHA256
10eda166e992dd34b4cce7ff1a283ba883dbca09b463779962ef650089490fe0

SHA512
faa61fbd06c0db0352590d59e9168af7ee4542e93db9a255cfc0c897ecd70b617cb113858b0c3788fef2be71555ed1c7a863e84dfcf5483477f0bfe4ddbe8d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe

Filesize
184KB

MD5
dfa20f7b22b154e8385f02ae368c889c

SHA1
74a94396bf74c6eaffc1f6e5d439210229218c0a

SHA256
74f2ea174b9c6038f973bbc10dfbe7927a18df5880d1c5755f32ac5086da3e93

SHA512
2809ebac582789dcf01a0c8940fda930d7b3b16beae68a614d0f210cf38fb99528fa2f474ed00f8f8c8ccaf8a3e8e041d88ca12b5b2022dacd2d0f177e21ad75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe

Filesize
184KB

MD5
084a31261fca6471c3ce963ea41100d1

SHA1
3ae44ed8122509e76e2b89b4f63c2a46352862b2

SHA256
dd70666818cebc3f612f2fc33dcd4ee8e4a6baa70b48d7e6f282a447dd49f215

SHA512
c1d542a6cfc643620fd0ed441cd0eccc3096b2e5abebfdb5ef0b96c73cea3e49a3e055d6f5e30b6c7047fc40cc3369f3571af9447f916e802900a7000b33020b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe

Filesize
184KB

MD5
1e8f0835aa9c943a202d7a637048ac4a

SHA1
45a1f45231b1fc4f7db2789098bc5609f17a9e64

SHA256
75b2fef742688b0749c54362577f6f274959a484285465df84115880e4676ad4

SHA512
12d9d79c6f53ae381d77c462bad1efd191237b00afb06a99730c0195de36cb4a161f7c00c519abdd13c560529dc7d3c144f2aa8ad5d56fa9dd7e58a3c076a897

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe

Filesize
184KB

MD5
99a43f399a92a75a9f78e2366456b144

SHA1
a802e7c4a7c25a010e01d24d0056510f191eb3a1

SHA256
1c00ae370b824c493cba9050cb04ea72cbed85992b64af23ce5d9cba8def5dae

SHA512
a86c04400cf4ed71f6b10e40bb798f7f357aa514a909de7f99eabac627b237969512f84441196ed4473d4685e96fbd2ee5b0c2a013472724649cc5b44600e84c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe

Filesize
184KB

MD5
57ab30b30531ba6a6eef2ff93a4190b5

SHA1
4e09fceedd26154b3235b5e6e1fefbff879d6d7b

SHA256
b32894985082965cf734bc3243ecd2dbc553a9f7da5449de70c0c1eb6b61a822

SHA512
bc5fb976e6e804273b8e3123d05b716b786d1f77a3850a3939b563fb32e18be804b07353bf733317f39c1dd83b73fff2225b6e8048a319ae919e506aaa6e3f3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe

Filesize
184KB

MD5
a9dcc90ddd6a0e201c4fe1284633d4de

SHA1
a8cad39727c165a8001e7ca9feef392e337fc696

SHA256
ef18c778f725bf57c475d760a5935cbe970f0607effa64a9e265a8f90a00f582

SHA512
fa1648dfd2a47a6472358ba3b3db57e3aee79a1efe140fd911bdb909437d02bf8194ca84a2f3cd25782ff786483f13d9c8fe447461f8fe814f4f12de542f0303

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe

Filesize
184KB

MD5
8bec087ccee8ea39e75c8e75145376c8

SHA1
05a74133bb498a367b80b0ed89ba257e28bd4498

SHA256
ad68b258138c7061f1dd405e51e87f638eb8d13ec9c35c249cfbb88019e73702

SHA512
08f252f43b3110074187dd69d80c20205c91256c08f605891e85950187b42c1f0ab02b9ce4910f7f29b1ec4e13cb3da47606ec8f6952fbb493b871c79c2a184f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe

Filesize
184KB

MD5
6bbf22d1021955e8e70e5cbb3d7dc909

SHA1
71149a1b4df85d4ddc7bc76f32daef0cf2a2c6b5

SHA256
53c38c2ae64164090ad31726638ca93efe46c9a0e2f9922fcc51360d4c2da565

SHA512
3b6ff8341693a6c3653595da55ddd06eed1dde586e29cfcbd39c6c40929f6493cd134cd3230369625b306f5a1e96addc1870fbff06873856984facbb51a92e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe

Filesize
184KB

MD5
f1cf0f1c9d027a38b642186e8cf7d57a

SHA1
bf639229b8df8f5be71bfd80adf47eeb604b4c4b

SHA256
75dae6b79972acfffc1e19398920fd198439d6f84ae7a1b9790b1c042d03e1e1

SHA512
d1d6a09eeb09a8007e3f5bc0d4886dab7e4e3a83365d080209fc7211765b45fcaffabc0415c018053bba90209791bf02803f078d147235282ab0a7b4e0be00c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe

Filesize
184KB

MD5
34e32b41026d28d1c599883348fe0f3b

SHA1
55244ac6936e3c3c7bf48d99a17563c22d50c1ce

SHA256
84822b874ed5ade7daf1f8953c2d5b2eff8927ec40d8eabe18eb10ae06506541

SHA512
4a35c13dae60edc66b6977dbefa6bd92b69fbb7a3dd0a8edcecbcb811156ea5e68ac34f5bdcbeb617132712fd3348d427d36531ce19a325be722098eb4a658a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe

Filesize
184KB

MD5
87fed4f03ad55dd306d87e40fb6595c6

SHA1
6cc8c18d006e2a11a897dd2fa3962433bbaa40a0

SHA256
a57e801ef9a508ca8c8576f74796eeab85ddda09721f0f85a0775abf4646489c

SHA512
106d4d0a47961c94fb41d91ea0ab0c360b8e1d4b7b72bfb27e3079ba93c5886f37c4bed1f1173b9ebfc586b85f7c5da8c12279aad26353eff891d6d0b34aef4f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.