e5415cf13b78097b9c5caa7d739fb62a24cd7f405c6182f0b0de39937c32f9e1

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 03:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3093a28a8225e001cb66978a33b35290_NeikiAnalytics.exe
Size

184KB
MD5

3093a28a8225e001cb66978a33b35290
SHA1

6faf5daa106fa9f8dcd473807bd9dafc05d4903d
SHA256

e5415cf13b78097b9c5caa7d739fb62a24cd7f405c6182f0b0de39937c32f9e1
SHA512

bfbb5641d3bcbb8f50540f7fefe12060e97d1a8ea3b2c19ff4b52836d3946a659db6a7e04d1392de8f2f2749a4884e960243652aa8b73c7b38fe29bae807415f
SSDEEP

3072:fxZvPmoTus1Vd4wtW2S8ZUoecvnqpaiFFn3:fxMo3z4w28qoecPqpaiFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 31 IoCs

pid	Process
1368	Unicorn-50079.exe
3428	Unicorn-50079.exe
1904	Unicorn-30213.exe
3560	Unicorn-50079.exe
4084	Unicorn-50079.exe
3792	Unicorn-30213.exe
4584	Unicorn-50079.exe
4056	Unicorn-30213.exe
3380	Unicorn-50079.exe
1444	Unicorn-50079.exe
4612	Unicorn-30213.exe
2784	Unicorn-50079.exe
3948	Unicorn-50079.exe
1608	Unicorn-30213.exe
4880	Unicorn-50079.exe
4376	Unicorn-50079.exe
4508	Unicorn-30213.exe
4404	Unicorn-30213.exe
2316	Unicorn-50079.exe
2424	Unicorn-50079.exe
2308	Unicorn-30213.exe
2376	Unicorn-50079.exe
2676	Unicorn-30213.exe
3140	Unicorn-50079.exe
4716	Unicorn-50079.exe
4556	Unicorn-50079.exe
2788	Unicorn-50079.exe
4524	Unicorn-50079.exe
3388	Unicorn-30213.exe
4240	Unicorn-50079.exe
764	Unicorn-30213.exe

Program crash 43 IoCs

pid	pid_target	Process	procid_target
1376	1368	WerFault.exe	91
4264	4076	WerFault.exe	90
3816	3428	WerFault.exe	92
5052	1904	WerFault.exe	93
4460	3560	WerFault.exe	99
1580	4084	WerFault.exe	100
748	3792	WerFault.exe	101
3148	4584	WerFault.exe	107
4192	4056	WerFault.exe	108
4964	3380	WerFault.exe	109
216	1444	WerFault.exe	110
5808	4404	WerFault.exe	124
5832	4556	WerFault.exe	138
4348	2784	WerFault.exe	118
3952	3948	WerFault.exe	119
5628	4240	WerFault.exe	142
5644	4524	WerFault.exe	140
4964	2880	WerFault.exe	154
1576	2308	WerFault.exe	133
4396	3780	WerFault.exe	179
5820	5136	WerFault.exe	182
864	5900	WerFault.exe	209
5508	5860	WerFault.exe	204
5432	5624	WerFault.exe	273
5184	5624	WerFault.exe	273
6380	1812	WerFault.exe	301
5188	3872	WerFault.exe	360
6068	4876	WerFault.exe	388
392	5512	WerFault.exe	343
6596	212	WerFault.exe	415
1172	6492	WerFault.exe	450
6352	5392	WerFault.exe	418
5760	7164	WerFault.exe	496
3948	7092	WerFault.exe	492
6416	6956	WerFault.exe	479
2632	5300	WerFault.exe	566
5224	5832	WerFault.exe	546
4216	6716	WerFault.exe	549
5456	4864	WerFault.exe	543
6416	5996	WerFault.exe	669
5356	6672	WerFault.exe	678
2432	6980	WerFault.exe	700
5448	7132	WerFault.exe	693

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
4076	3093a28a8225e001cb66978a33b35290_NeikiAnalytics.exe
1368	Unicorn-50079.exe
3428	Unicorn-50079.exe
1904	Unicorn-30213.exe
3560	Unicorn-50079.exe
4084	Unicorn-50079.exe
3792	Unicorn-30213.exe
4584	Unicorn-50079.exe
4056	Unicorn-30213.exe
1444	Unicorn-50079.exe
3380	Unicorn-50079.exe
4612	Unicorn-30213.exe
2784	Unicorn-50079.exe
3948	Unicorn-50079.exe
1608	Unicorn-30213.exe
4508	Unicorn-30213.exe
4404	Unicorn-30213.exe
4376	Unicorn-50079.exe
2316	Unicorn-50079.exe
2424	Unicorn-50079.exe
2308	Unicorn-30213.exe
2376	Unicorn-50079.exe
2676	Unicorn-30213.exe
3140	Unicorn-50079.exe
4716	Unicorn-50079.exe
2788	Unicorn-50079.exe
4556	Unicorn-50079.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 1368	4076	3093a28a8225e001cb66978a33b35290_NeikiAnalytics.exe	91
PID 4076 wrote to memory of 1368	4076	3093a28a8225e001cb66978a33b35290_NeikiAnalytics.exe	91
PID 4076 wrote to memory of 1368	4076	3093a28a8225e001cb66978a33b35290_NeikiAnalytics.exe	91
PID 1368 wrote to memory of 3428	1368	Unicorn-50079.exe	92
PID 1368 wrote to memory of 3428	1368	Unicorn-50079.exe	92
PID 1368 wrote to memory of 3428	1368	Unicorn-50079.exe	92
PID 4076 wrote to memory of 1904	4076	3093a28a8225e001cb66978a33b35290_NeikiAnalytics.exe	93
PID 4076 wrote to memory of 1904	4076	3093a28a8225e001cb66978a33b35290_NeikiAnalytics.exe	93
PID 4076 wrote to memory of 1904	4076	3093a28a8225e001cb66978a33b35290_NeikiAnalytics.exe	93
PID 3428 wrote to memory of 3560	3428	Unicorn-50079.exe	99
PID 3428 wrote to memory of 3560	3428	Unicorn-50079.exe	99
PID 3428 wrote to memory of 3560	3428	Unicorn-50079.exe	99
PID 1904 wrote to memory of 4084	1904	Unicorn-30213.exe	100
PID 1904 wrote to memory of 4084	1904	Unicorn-30213.exe	100
PID 1904 wrote to memory of 4084	1904	Unicorn-30213.exe	100
PID 1368 wrote to memory of 3792	1368	Unicorn-50079.exe	101
PID 1368 wrote to memory of 3792	1368	Unicorn-50079.exe	101
PID 1368 wrote to memory of 3792	1368	Unicorn-50079.exe	101
PID 3560 wrote to memory of 4584	3560	Unicorn-50079.exe	107
PID 3560 wrote to memory of 4584	3560	Unicorn-50079.exe	107
PID 3560 wrote to memory of 4584	3560	Unicorn-50079.exe	107
PID 3428 wrote to memory of 4056	3428	Unicorn-50079.exe	108
PID 3428 wrote to memory of 4056	3428	Unicorn-50079.exe	108
PID 3428 wrote to memory of 4056	3428	Unicorn-50079.exe	108
PID 4084 wrote to memory of 3380	4084	Unicorn-50079.exe	109
PID 4084 wrote to memory of 3380	4084	Unicorn-50079.exe	109
PID 4084 wrote to memory of 3380	4084	Unicorn-50079.exe	109
PID 3792 wrote to memory of 1444	3792	Unicorn-30213.exe	110
PID 3792 wrote to memory of 1444	3792	Unicorn-30213.exe	110
PID 3792 wrote to memory of 1444	3792	Unicorn-30213.exe	110
PID 1904 wrote to memory of 4612	1904	Unicorn-30213.exe	111
PID 1904 wrote to memory of 4612	1904	Unicorn-30213.exe	111
PID 1904 wrote to memory of 4612	1904	Unicorn-30213.exe	111
PID 4584 wrote to memory of 2784	4584	Unicorn-50079.exe	118
PID 4584 wrote to memory of 2784	4584	Unicorn-50079.exe	118
PID 4584 wrote to memory of 2784	4584	Unicorn-50079.exe	118
PID 4056 wrote to memory of 3948	4056	Unicorn-30213.exe	119
PID 4056 wrote to memory of 3948	4056	Unicorn-30213.exe	119
PID 4056 wrote to memory of 3948	4056	Unicorn-30213.exe	119
PID 3560 wrote to memory of 1608	3560	Unicorn-50079.exe	120
PID 3560 wrote to memory of 1608	3560	Unicorn-50079.exe	120
PID 3560 wrote to memory of 1608	3560	Unicorn-50079.exe	120
PID 3380 wrote to memory of 4880	3380	Unicorn-50079.exe	121
PID 3380 wrote to memory of 4880	3380	Unicorn-50079.exe	121
PID 3380 wrote to memory of 4880	3380	Unicorn-50079.exe	121
PID 1444 wrote to memory of 4376	1444	Unicorn-50079.exe	122
PID 1444 wrote to memory of 4376	1444	Unicorn-50079.exe	122
PID 1444 wrote to memory of 4376	1444	Unicorn-50079.exe	122
PID 3792 wrote to memory of 4508	3792	Unicorn-30213.exe	123
PID 3792 wrote to memory of 4508	3792	Unicorn-30213.exe	123
PID 3792 wrote to memory of 4508	3792	Unicorn-30213.exe	123
PID 4084 wrote to memory of 4404	4084	Unicorn-50079.exe	124
PID 4084 wrote to memory of 4404	4084	Unicorn-50079.exe	124
PID 4084 wrote to memory of 4404	4084	Unicorn-50079.exe	124
PID 4612 wrote to memory of 2316	4612	Unicorn-30213.exe	125
PID 4612 wrote to memory of 2316	4612	Unicorn-30213.exe	125
PID 4612 wrote to memory of 2316	4612	Unicorn-30213.exe	125
PID 2784 wrote to memory of 2424	2784	Unicorn-50079.exe	132
PID 2784 wrote to memory of 2424	2784	Unicorn-50079.exe	132
PID 2784 wrote to memory of 2424	2784	Unicorn-50079.exe	132
PID 4584 wrote to memory of 2308	4584	Unicorn-50079.exe	133
PID 4584 wrote to memory of 2308	4584	Unicorn-50079.exe	133
PID 4584 wrote to memory of 2308	4584	Unicorn-50079.exe	133
PID 3948 wrote to memory of 2376	3948	Unicorn-50079.exe	134

C:\Users\Admin\AppData\Local\Temp\3093a28a8225e001cb66978a33b35290_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3093a28a8225e001cb66978a33b35290_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        22⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 620
        16⤵
        Program crash
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 716
        10⤵
        Program crash
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 700
        9⤵
        Program crash
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 612
        10⤵
        Program crash
        
        PID:864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 696
        7⤵
        Program crash
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 632
        14⤵
        Program crash
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 624
        13⤵
        Program crash
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 620
        12⤵
        Program crash
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 684
        15⤵
        Program crash
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 616
        7⤵
        Program crash
        
        PID:1576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 708
        6⤵
        Program crash
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 588
        11⤵
        Program crash
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 616
        17⤵
        Program crash
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 708
        12⤵
        Program crash
        
        PID:6068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 712
        5⤵
        Program crash
        
        PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        6⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        22⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 624
        14⤵
        Program crash
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 708
        7⤵
        Program crash
        
        PID:4964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 728
        6⤵
        Program crash
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        22⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 696
        16⤵
        Program crash
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 588
        13⤵
        Program crash
        
        PID:5224
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 708
        5⤵
        Program crash
        
        PID:4192
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 716
      4⤵
      Program crash
      PID:3816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        22⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 696
        14⤵
        Program crash
        
        PID:1172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 712
        7⤵
        Program crash
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        6⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 212 -s 600
        12⤵
        Program crash
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        5⤵
        Executes dropped EXE
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 604
        17⤵
        Program crash
        
        PID:5448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 720
        5⤵
        Program crash
        
        PID:216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 624
        13⤵
        Program crash
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 608
        13⤵
        Program crash
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        5⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:4724
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 692
      4⤵
      Program crash
      PID:748
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 724
    3⤵
    - Program crash
    PID:1376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        5⤵
        Executes dropped EXE
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        Executes dropped EXE
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 596
        7⤵
        Program crash
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        6⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 620
        9⤵
        Program crash
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 620
        9⤵
        Program crash
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        5⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 632
        11⤵
        Program crash
        
        PID:392
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 624
        5⤵
        Program crash
        
        PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        5⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 632
        16⤵
        Program crash
        
        PID:5356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 628
        5⤵
        Program crash
        
        PID:5808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 640
      4⤵
      Program crash
      PID:1580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        5⤵
        Executes dropped EXE
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        20⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        21⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 588
        8⤵
        Program crash
        
        PID:5508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 632
        6⤵
        Program crash
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      4⤵
      Executes dropped EXE
      PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        5⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        11⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:5776
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 716
    3⤵
    - Program crash
    PID:5052
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 716
  2⤵
  - Program crash
  PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4076 -ip 4076
1⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1368 -ip 1368
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3428 -ip 3428
1⤵
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1904 -ip 1904
1⤵
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3560 -ip 3560
1⤵
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3792 -ip 3792
1⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4084 -ip 4084
1⤵
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4584 -ip 4584
1⤵
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4056 -ip 4056
1⤵
PID:392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1444 -ip 1444
1⤵
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4612 -ip 4612
1⤵
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3380 -ip 3380
1⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2784 -ip 2784
1⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3948 -ip 3948
1⤵
PID:368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1608 -ip 1608
1⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4404 -ip 4404
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4556 -ip 4556
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 764 -ip 764
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1328 -ip 1328
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4168 -ip 4168
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4880 -ip 4880
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4508 -ip 4508
1⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4376 -ip 4376
1⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3388 -ip 3388
1⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4524 -ip 4524
1⤵
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2788 -ip 2788
1⤵
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4240 -ip 4240
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2424 -ip 2424
1⤵
PID:804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4716 -ip 4716
1⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4896 -ip 4896
1⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2316 -ip 2316
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4372 -ip 4372
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 832 -ip 832
1⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2604 -ip 2604
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3440 -ip 3440
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2308 -ip 2308
1⤵
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2880 -ip 2880
1⤵
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2104 -ip 2104
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3912 -ip 3912
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2376 -ip 2376
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3140 -ip 3140
1⤵
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 4396 -ip 4396
1⤵
PID:804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 1972 -ip 1972
1⤵
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4492 -ip 4492
1⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2676 -ip 2676
1⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 404 -ip 404
1⤵
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4060 -ip 4060
1⤵
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3264 -ip 3264
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5136 -ip 5136
1⤵
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4360 -ip 4360
1⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1376 -ip 1376
1⤵
PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5052 -ip 5052
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 748 -ip 748
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5260 -ip 5260
1⤵
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3448 -ip 3448
1⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 448 -ip 448
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6056 -ip 6056
1⤵
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5192 -ip 5192
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5444 -ip 5444
1⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5696 -ip 5696
1⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5172 -ip 5172
1⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5612 -ip 5612
1⤵
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5412 -ip 5412
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5160 -ip 5160
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1400 -ip 1400
1⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3780 -ip 3780
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5404 -ip 5404
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5396 -ip 5396
1⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5460 -ip 5460
1⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5932 -ip 5932
1⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5876 -ip 5876
1⤵
PID:1680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5924 -ip 5924
1⤵
PID:1420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5180 -ip 5180
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5304 -ip 5304
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5268 -ip 5268
1⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5900 -ip 5900
1⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5892 -ip 5892
1⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6064 -ip 6064
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5860 -ip 5860
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3596 -ip 3596
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5884 -ip 5884
1⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5868 -ip 5868
1⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5588 -ip 5588
1⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5780 -ip 5780
1⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2496 -ip 2496
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 368 -ip 368
1⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5792 -ip 5792
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5432 -ip 5432
1⤵
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5852 -ip 5852
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2440 -ip 2440
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 432 -ip 432
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6108 -ip 6108
1⤵
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3592 -ip 3592
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4168 -ip 4168
1⤵
PID:376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5104 -ip 5104
1⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3420 -ip 3420
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5336 -ip 5336
1⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5456 -ip 5456
1⤵
PID:212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4460 -ip 4460
1⤵
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5376 -ip 5376
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 1444 -ip 1444
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3324 -ip 3324
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5488 -ip 5488
1⤵
PID:368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3724 -ip 3724
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5624 -ip 5624
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 1504 -ip 1504
1⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5476 -ip 5476
1⤵
PID:1420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5212 -ip 5212
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5604 -ip 5604
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5424 -ip 5424
1⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5560 -ip 5560
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2152 -ip 2152
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4740 -ip 4740
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2592 -ip 2592
1⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4560 -ip 4560
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1096 -ip 1096
1⤵
PID:2440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 1116 -ip 1116
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 3388 -ip 3388
1⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 556 -ip 556
1⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1812 -ip 1812
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5812 -ip 5812
1⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4492 -ip 4492
1⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1844 -ip 1844
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 6076 -ip 6076
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2424 -ip 2424
1⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4164 -ip 4164
1⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1972 -ip 1972
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4424 -ip 4424
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2596 -ip 2596
1⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4556 -ip 4556
1⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4184 -ip 4184
1⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 3428 -ip 3428
1⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 60 -ip 60
1⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3264 -ip 3264
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 672 -ip 672
1⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4864 -ip 4864
1⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3488 -ip 3488
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5256 -ip 5256
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6116 -ip 6116
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3808 -ip 3808
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5328 -ip 5328
1⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5448 -ip 5448
1⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5728 -ip 5728
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1404 -ip 1404
1⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3872 -ip 3872
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5404 -ip 5404
1⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2476 -ip 2476
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4876 -ip 4876
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5780 -ip 5780
1⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5872 -ip 5872
1⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5164 -ip 5164
1⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4076 -ip 4076
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5540 -ip 5540
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5564 -ip 5564
1⤵
PID:804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5416 -ip 5416
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5908 -ip 5908
1⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5276 -ip 5276
1⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 436 -ip 436
1⤵
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1236 -ip 1236
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2880 -ip 2880
1⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 1400 -ip 1400
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2556 -ip 2556
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1368 -ip 1368
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5616 -ip 5616
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5512 -ip 5512
1⤵
PID:764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3948 -ip 3948
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5544 -ip 5544
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5524 -ip 5524
1⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2992 -ip 2992
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4732 -ip 4732
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 212 -ip 212
1⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5696 -ip 5696
1⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6104 -ip 6104
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6492 -ip 6492
1⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 876 -ip 876
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1860 -ip 1860
1⤵
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6156 -ip 6156
1⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4168 -ip 4168
1⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6140 -ip 6140
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1620 -ip 1620
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4192 -ip 4192
1⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2148 -ip 2148
1⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5280 -ip 5280
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3456 -ip 3456
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4896 -ip 4896
1⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6476 -ip 6476
1⤵
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5168 -ip 5168
1⤵
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 432 -ip 432
1⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 208 -ip 208
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5684 -ip 5684
1⤵
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6028 -ip 6028
1⤵
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5340 -ip 5340
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5288 -ip 5288
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4292 -ip 4292
1⤵
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5456 -ip 5456
1⤵
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5940 -ip 5940
1⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5392 -ip 5392
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6872 -ip 6872
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6940 -ip 6940
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 7164 -ip 7164
1⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 7092 -ip 7092
1⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6956 -ip 6956
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6896 -ip 6896
1⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5016 -ip 5016
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6988 -ip 6988
1⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 7096 -ip 7096
1⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7068 -ip 7068
1⤵
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7028 -ip 7028
1⤵
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6924 -ip 6924
1⤵
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 3432 -ip 3432
1⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6932 -ip 6932
1⤵
PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6996 -ip 6996
1⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 7020 -ip 7020
1⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7128 -ip 7128
1⤵
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6980 -ip 6980
1⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6908 -ip 6908
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6888 -ip 6888
1⤵
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6964 -ip 6964
1⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7004 -ip 7004
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 7012 -ip 7012
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 7036 -ip 7036
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6972 -ip 6972
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6916 -ip 6916
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6948 -ip 6948
1⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6288 -ip 6288
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6012 -ip 6012
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5548 -ip 5548
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 1240 -ip 1240
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5832 -ip 5832
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4864 -ip 4864
1⤵
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6716 -ip 6716
1⤵
PID:2004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5440 -ip 5440
1⤵
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5300 -ip 5300
1⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5672 -ip 5672
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6816 -ip 6816
1⤵
PID:628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6008 -ip 6008
1⤵
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6260 -ip 6260
1⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2228 -ip 2228
1⤵
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5408 -ip 5408
1⤵
PID:392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6164 -ip 6164
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7052 -ip 7052
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6864 -ip 6864
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 632 -ip 632
1⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6820 -ip 6820
1⤵
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3320 -ip 3320
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 4392 -ip 4392
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6764 -ip 6764
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6108 -ip 6108
1⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 3816 -ip 3816
1⤵
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 864 -ip 864
1⤵
PID:812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6788 -ip 6788
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6408 -ip 6408
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 1260 -ip 1260
1⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6112 -ip 6112
1⤵
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1404 -ip 1404
1⤵
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5052 -ip 5052
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6156 -ip 6156
1⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6080 -ip 6080
1⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6704 -ip 6704
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 612 -ip 612
1⤵
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6668 -ip 6668
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6732 -ip 6732
1⤵
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4192 -ip 4192
1⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6780 -ip 6780
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 1192 -ip 1192
1⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7136 -ip 7136
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6584 -ip 6584
1⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3396 -ip 3396
1⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 404 -ip 404
1⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6632 -ip 6632
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 4660 -ip 4660
1⤵
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6660 -ip 6660
1⤵
PID:628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5556 -ip 5556
1⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4716 -ip 4716
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4084 -ip 4084
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3952 -ip 3952
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 3428 -ip 3428
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5004 -ip 5004
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5376 -ip 5376
1⤵
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6752 -ip 6752
1⤵
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6148 -ip 6148
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 3792 -ip 3792
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 376 -ip 376
1⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6128 -ip 6128
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2092 -ip 2092
1⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6720 -ip 6720
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 3200 -ip 3200
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6496 -ip 6496
1⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5268 -ip 5268
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5132 -ip 5132
1⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5412 -ip 5412
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5996 -ip 5996
1⤵
PID:432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6504 -ip 6504
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1172 -ip 1172
1⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 2516 -ip 2516
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6492 -ip 6492
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 836 -ip 836
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2376 -ip 2376
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4368 -ip 4368
1⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5312 -ip 5312
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 4736 -ip 4736
1⤵
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6024 -ip 6024
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 212 -ip 212
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6436 -ip 6436
1⤵
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4948 -ip 4948
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2916 -ip 2916
1⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6516 -ip 6516
1⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6672 -ip 6672
1⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6980 -ip 6980
1⤵
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7132 -ip 7132
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5928 -ip 5928
1⤵
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4484 -ip 4484
1⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 3680 -ip 3680
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6604 -ip 6604
1⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5088 -ip 5088
1⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5464 -ip 5464
1⤵
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5720 -ip 5720
1⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5172 -ip 5172
1⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6180 -ip 6180
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 4408 -ip 4408
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 912 -ip 912
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 3948 -ip 3948
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6296 -ip 6296
1⤵
PID:208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5852 -ip 5852
1⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2468 -ip 2468
1⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6188 -ip 6188
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4352 -ip 4352
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5804 -ip 5804
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5204 -ip 5204
1⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4196 -ip 4196
1⤵
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 368 -ip 368
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5808 -ip 5808
1⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5688 -ip 5688
1⤵
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7008 -ip 7008
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5900 -ip 5900
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6948 -ip 6948
1⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 4376 -ip 4376
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 184 -ip 184
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2844 -ip 2844
1⤵
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5848 -ip 5848
1⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6236 -ip 6236
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 2900 -ip 2900
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6084 -ip 6084
1⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 7156 -ip 7156
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5972 -ip 5972
1⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4364 -ip 4364
1⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5044 -ip 5044
1⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4880 -ip 4880
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5284 -ip 5284
1⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5472 -ip 5472
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1812 -ip 1812
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 3136 -ip 3136
1⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6908 -ip 6908
1⤵
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6384 -ip 6384
1⤵
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6332 -ip 6332
1⤵
PID:208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6100 -ip 6100
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6812 -ip 6812
1⤵
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6684 -ip 6684
1⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5632 -ip 5632
1⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 3344 -ip 3344
1⤵
PID:6184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe

Filesize
184KB

MD5
040d978843a5730f18be44f6d0c6e1c5

SHA1
5cad2061c6c5bf2882f938bd247a392abf9841c7

SHA256
5695ac7d709cf71d1b76c843beb12a4b58851eac340d5e500438feb75eb34c8d

SHA512
61f33013918c25f45b704dfad62bde17e3c0e2a6cf31b9b025fd9c6df4f2a263cb18eb81e56008a79ed8c517d74630005b6693be5d9e30841e31a3eb4b17676d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe

Filesize
184KB

MD5
65d3b1ea69453f3229093c19472c57ff

SHA1
d7bd8a4f4c0cda9f37cb3a5d36c0c18a890f8ea2

SHA256
a8533c23e6dc66d57f0fd8b3fbc5edf9e93807e7acead58c58ca603d40a83229

SHA512
213ce8b20f08556e69ff64497b0d5046f5c00bff800ad885c7923ba7de85aa15f55662cc07dd6fb0bffe997d8104d86ddd4ca50313cfaca61521c3f4f80ba4e0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads