418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282

Analysis

max time kernel
149s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe
Size

184KB
MD5

a7dc014e8c0270211a3815ed1bd794b9
SHA1

791e06a09f855927ca2e1f1e6ced7f522a766454
SHA256

418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282
SHA512

dcf087955e1622638148ba7fc89e1cfca595cd01fcede9c0a1fc9e209600dad74e2f4fd988574384c6ac6e31ce6667c8c9338b64103fe3b067fa69878f0de8cf
SSDEEP

3072:eWH/U7ogV39ZwrTmeqMGrMivIpIpwW0gfU3J45EUSDpQlnVOF8:eW0oC6rTVG4ivISsJpQlnVOF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1324	Unicorn-51777.exe
4320	Unicorn-16535.exe
4288	Unicorn-36401.exe
1856	Unicorn-5456.exe
2968	Unicorn-15763.exe
1760	Unicorn-26623.exe
2140	Unicorn-33059.exe
1868	Unicorn-28975.exe
4704	Unicorn-9109.exe
1976	Unicorn-21361.exe
4544	Unicorn-41227.exe
860	Unicorn-18415.exe
4984	Unicorn-45612.exe
60	Unicorn-6162.exe
3432	Unicorn-2078.exe
1892	Unicorn-14330.exe
1988	Unicorn-60002.exe
2952	Unicorn-25191.exe
2708	Unicorn-61154.exe
1808	Unicorn-900.exe
436	Unicorn-52794.exe
1628	Unicorn-46017.exe
3240	Unicorn-9068.exe
3976	Unicorn-4984.exe
4348	Unicorn-17237.exe
2684	Unicorn-58824.exe
2248	Unicorn-4169.exe
1804	Unicorn-24035.exe
3176	Unicorn-19951.exe
1748	Unicorn-85.exe
4040	Unicorn-106.exe
1692	Unicorn-61367.exe
1668	Unicorn-16997.exe
2960	Unicorn-14304.exe
852	Unicorn-55913.exe
908	Unicorn-27879.exe
3916	Unicorn-35109.exe
2316	Unicorn-56276.exe
944	Unicorn-49499.exe
4852	Unicorn-14688.exe
1848	Unicorn-36431.exe
2752	Unicorn-29655.exe
4384	Unicorn-9234.exe
4588	Unicorn-5150.exe
448	Unicorn-63074.exe
1148	Unicorn-63074.exe
4332	Unicorn-58990.exe
1856	Unicorn-1813.exe
4212	Unicorn-34507.exe
548	Unicorn-10557.exe
1624	Unicorn-54927.exe
2696	Unicorn-1642.exe
2112	Unicorn-22809.exe
4136	Unicorn-50843.exe
2892	Unicorn-46759.exe
4376	Unicorn-61704.exe
4948	Unicorn-61533.exe
4704	Unicorn-56058.exe
5096	Unicorn-56058.exe
4316	Unicorn-51974.exe
4068	Unicorn-49281.exe
4440	Unicorn-47143.exe
4788	Unicorn-55866.exe
3248	Unicorn-12140.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2720	396	WerFault.exe	82
1064	1324	WerFault.exe	86
4772	4320	WerFault.exe	87
2740	4288	WerFault.exe	88
4240	1856	WerFault.exe	92
1684	2968	WerFault.exe	93
1208	1760	WerFault.exe	94
960	2140	WerFault.exe	97
1768	1976	WerFault.exe	100
4152	1868	WerFault.exe	98
1588	4544	WerFault.exe	101
5024	4704	WerFault.exe	99
5068	4040	WerFault.exe	141
3972	860	WerFault.exe	106
5060	4984	WerFault.exe	107
220	60	WerFault.exe	108
4344	3432	WerFault.exe	109
3124	1892	WerFault.exe	110
2852	2952	WerFault.exe	112
3028	2708	WerFault.exe	119
4388	1808	WerFault.exe	120
4768	436	WerFault.exe	121
3640	1628	WerFault.exe	122
1044	220	WerFault.exe	207
1388	1748	WerFault.exe	130
4040	4348	WerFault.exe	125
3540	1804	WerFault.exe	128
1372	2960	WerFault.exe	144
3228	1856	WerFault.exe	160
6012	1148	WerFault.exe	156
5896	3916	WerFault.exe	147
6020	4852	WerFault.exe	150
5772	4588	WerFault.exe	154
5184	3520	WerFault.exe	193
4116	848	WerFault.exe	220
2852	548	WerFault.exe	174
4568	2216	WerFault.exe	244
5388	624	WerFault.exe	268
1448	5156	WerFault.exe	271
6464	5924	WerFault.exe	295
5768	2488	WerFault.exe	452
6728	3316	WerFault.exe	455
1828	5288	WerFault.exe	509
5260	4516	WerFault.exe	486
5776	6772	WerFault.exe	556
880	6684	WerFault.exe	549
6980	6204	WerFault.exe	572
2956	6656	WerFault.exe	548
5148	6848	WerFault.exe	560
2732	6580	WerFault.exe	545
4408	5836	WerFault.exe	574
1872	6532	WerFault.exe	542
5544	6708	WerFault.exe	551
2008	6504	WerFault.exe	541
1496	5060	WerFault.exe	569
8	6792	WerFault.exe	557
5252	6816	WerFault.exe	558
4084	6544	WerFault.exe	543
6440	1064	WerFault.exe	567
1568	6236	WerFault.exe	573
5048	6604	WerFault.exe	546
5860	1428	WerFault.exe	511
4248	5436	WerFault.exe	504
5372	4400	WerFault.exe	493

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-85.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35109.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
396	418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe
1324	Unicorn-51777.exe
4320	Unicorn-16535.exe
4288	Unicorn-36401.exe
1856	Unicorn-5456.exe
2968	Unicorn-15763.exe
1760	Unicorn-26623.exe
2140	Unicorn-33059.exe
1976	Unicorn-21361.exe
4704	Unicorn-9109.exe
1868	Unicorn-28975.exe
4544	Unicorn-41227.exe
860	Unicorn-18415.exe
4984	Unicorn-45612.exe
60	Unicorn-6162.exe
3432	Unicorn-2078.exe
1988	Unicorn-60002.exe
2952	Unicorn-25191.exe
1892	Unicorn-14330.exe
2708	Unicorn-61154.exe
1808	Unicorn-900.exe
436	Unicorn-52794.exe
1628	Unicorn-46017.exe
3240	Unicorn-9068.exe
1804	Unicorn-24035.exe
2684	Unicorn-58824.exe
3176	Unicorn-19951.exe
4348	Unicorn-17237.exe
3976	Unicorn-4984.exe
2248	Unicorn-4169.exe
1748	Unicorn-85.exe
4040	Unicorn-106.exe
1692	Unicorn-61367.exe
1668	Unicorn-16997.exe
2960	Unicorn-14304.exe
852	Unicorn-55913.exe
908	Unicorn-27879.exe
3916	Unicorn-35109.exe
2316	Unicorn-56276.exe
944	Unicorn-49499.exe
4852	Unicorn-14688.exe
1848	Unicorn-36431.exe
2752	Unicorn-29655.exe
4384	Unicorn-9234.exe
1148	Unicorn-63074.exe
4588	Unicorn-5150.exe
4332	Unicorn-58990.exe
448	Unicorn-63074.exe
1856	Unicorn-1813.exe
4212	Unicorn-34507.exe
548	Unicorn-10557.exe
1624	Unicorn-54927.exe
2112	Unicorn-22809.exe
2696	Unicorn-1642.exe
4376	Unicorn-61704.exe
2892	Unicorn-46759.exe
4136	Unicorn-50843.exe
4948	Unicorn-61533.exe
5096	Unicorn-56058.exe
4316	Unicorn-51974.exe
4704	Unicorn-56058.exe
4068	Unicorn-49281.exe
4440	Unicorn-47143.exe
4788	Unicorn-55866.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 1324	396	418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe	86
PID 396 wrote to memory of 1324	396	418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe	86
PID 396 wrote to memory of 1324	396	418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe	86
PID 396 wrote to memory of 4320	396	418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe	87
PID 396 wrote to memory of 4320	396	418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe	87
PID 396 wrote to memory of 4320	396	418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe	87
PID 1324 wrote to memory of 4288	1324	Unicorn-51777.exe	88
PID 1324 wrote to memory of 4288	1324	Unicorn-51777.exe	88
PID 1324 wrote to memory of 4288	1324	Unicorn-51777.exe	88
PID 4320 wrote to memory of 1856	4320	Unicorn-16535.exe	92
PID 4320 wrote to memory of 1856	4320	Unicorn-16535.exe	92
PID 4320 wrote to memory of 1856	4320	Unicorn-16535.exe	92
PID 4288 wrote to memory of 2968	4288	Unicorn-36401.exe	93
PID 4288 wrote to memory of 2968	4288	Unicorn-36401.exe	93
PID 4288 wrote to memory of 2968	4288	Unicorn-36401.exe	93
PID 1324 wrote to memory of 1760	1324	Unicorn-51777.exe	94
PID 1324 wrote to memory of 1760	1324	Unicorn-51777.exe	94
PID 1324 wrote to memory of 1760	1324	Unicorn-51777.exe	94
PID 1856 wrote to memory of 2140	1856	Unicorn-5456.exe	97
PID 1856 wrote to memory of 2140	1856	Unicorn-5456.exe	97
PID 1856 wrote to memory of 2140	1856	Unicorn-5456.exe	97
PID 2968 wrote to memory of 1868	2968	Unicorn-15763.exe	98
PID 2968 wrote to memory of 1868	2968	Unicorn-15763.exe	98
PID 2968 wrote to memory of 1868	2968	Unicorn-15763.exe	98
PID 4320 wrote to memory of 4704	4320	Unicorn-16535.exe	99
PID 4320 wrote to memory of 4704	4320	Unicorn-16535.exe	99
PID 4320 wrote to memory of 4704	4320	Unicorn-16535.exe	99
PID 4288 wrote to memory of 1976	4288	Unicorn-36401.exe	100
PID 4288 wrote to memory of 1976	4288	Unicorn-36401.exe	100
PID 4288 wrote to memory of 1976	4288	Unicorn-36401.exe	100
PID 1760 wrote to memory of 4544	1760	Unicorn-26623.exe	101
PID 1760 wrote to memory of 4544	1760	Unicorn-26623.exe	101
PID 1760 wrote to memory of 4544	1760	Unicorn-26623.exe	101
PID 2140 wrote to memory of 860	2140	Unicorn-33059.exe	106
PID 2140 wrote to memory of 860	2140	Unicorn-33059.exe	106
PID 2140 wrote to memory of 860	2140	Unicorn-33059.exe	106
PID 1856 wrote to memory of 4984	1856	Unicorn-5456.exe	107
PID 1856 wrote to memory of 4984	1856	Unicorn-5456.exe	107
PID 1856 wrote to memory of 4984	1856	Unicorn-5456.exe	107
PID 1976 wrote to memory of 60	1976	Unicorn-21361.exe	108
PID 1976 wrote to memory of 60	1976	Unicorn-21361.exe	108
PID 1976 wrote to memory of 60	1976	Unicorn-21361.exe	108
PID 1868 wrote to memory of 3432	1868	Unicorn-28975.exe	109
PID 1868 wrote to memory of 3432	1868	Unicorn-28975.exe	109
PID 1868 wrote to memory of 3432	1868	Unicorn-28975.exe	109
PID 4704 wrote to memory of 1892	4704	Unicorn-9109.exe	110
PID 4704 wrote to memory of 1892	4704	Unicorn-9109.exe	110
PID 4704 wrote to memory of 1892	4704	Unicorn-9109.exe	110
PID 2968 wrote to memory of 1988	2968	Unicorn-15763.exe	111
PID 2968 wrote to memory of 1988	2968	Unicorn-15763.exe	111
PID 2968 wrote to memory of 1988	2968	Unicorn-15763.exe	111
PID 1760 wrote to memory of 2952	1760	Unicorn-26623.exe	112
PID 1760 wrote to memory of 2952	1760	Unicorn-26623.exe	112
PID 1760 wrote to memory of 2952	1760	Unicorn-26623.exe	112
PID 4544 wrote to memory of 2708	4544	Unicorn-41227.exe	119
PID 4544 wrote to memory of 2708	4544	Unicorn-41227.exe	119
PID 4544 wrote to memory of 2708	4544	Unicorn-41227.exe	119
PID 860 wrote to memory of 1808	860	Unicorn-18415.exe	120
PID 860 wrote to memory of 1808	860	Unicorn-18415.exe	120
PID 860 wrote to memory of 1808	860	Unicorn-18415.exe	120
PID 2140 wrote to memory of 436	2140	Unicorn-33059.exe	121
PID 2140 wrote to memory of 436	2140	Unicorn-33059.exe	121
PID 2140 wrote to memory of 436	2140	Unicorn-33059.exe	121
PID 4984 wrote to memory of 1628	4984	Unicorn-45612.exe	122

C:\Users\Admin\AppData\Local\Temp\418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe
"C:\Users\Admin\AppData\Local\Temp\418de2f427ca7bfcac69c9efd65d976ca0256aa56e501b1d77aac135d9dfb282.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36401.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        11⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        12⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        13⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
        14⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        15⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        16⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        17⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
        18⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
        19⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 636
        15⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 656
        14⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        10⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
        11⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
        12⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        13⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        14⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        15⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
        16⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1910.exe
        17⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        18⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
        19⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 636
        15⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 656
        14⤵
        Program crash
        
        PID:1568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 740
        8⤵
        Program crash
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 744
        7⤵
        Program crash
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5150.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        11⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        12⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
        13⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        14⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        15⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        16⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        17⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        18⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 720
        15⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 724
        9⤵
        Program crash
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        8⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        9⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        11⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        12⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        13⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        14⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        15⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        16⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
        17⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        18⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 612
        15⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 640
        13⤵
        Program crash
        
        PID:2732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 724
        8⤵
        Program crash
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        9⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        10⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        11⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        12⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        13⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
        14⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
        15⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
        16⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        17⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 640
        13⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 660
        12⤵
        Program crash
        
        PID:1872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 740
        7⤵
        Program crash
        
        PID:1388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 752
        6⤵
        Program crash
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
        11⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        12⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61619.exe
        13⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        14⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        15⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        16⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
        17⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        18⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        19⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
        20⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 632
        16⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 624
        14⤵
        Program crash
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 628
        13⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        11⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
        12⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe
        13⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        14⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        15⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        16⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        17⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        18⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 608
        13⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 628
        12⤵
        Program crash
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43647.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        10⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
        11⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        12⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        13⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        14⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
        15⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        16⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        17⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        18⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 636
        13⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 664
        12⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56442.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        8⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48879.exe
        10⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        11⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        12⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        13⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        14⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        15⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        16⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
        17⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        18⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        19⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 652
        14⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 660
        13⤵
        Program crash
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        9⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        10⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        11⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        12⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        13⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10768.exe
        14⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        15⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        16⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
        17⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 644
        13⤵
        Program crash
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44629.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23903.exe
        10⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        11⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        12⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        13⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        14⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        15⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 648
        12⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 624
        11⤵
        Program crash
        
        PID:4084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 748
        5⤵
        Program crash
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:60
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        11⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
        12⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        13⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        14⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        15⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        16⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        17⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        18⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 644
        13⤵
        Program crash
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        9⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 748
        8⤵
        Program crash
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        10⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        11⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        12⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
        13⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        14⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        15⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
        16⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        17⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        18⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        19⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 648
        15⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 652
        14⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 616
        13⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        9⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        10⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        10⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        11⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
        12⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        13⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        14⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe
        15⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        16⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19015.exe
        17⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46591.exe
        18⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        19⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 688
        15⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 636
        14⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 636
        14⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 656
        13⤵
        Program crash
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        9⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        10⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        12⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        13⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        14⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7016.exe
        15⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        16⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
        17⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 736
        13⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 724
        12⤵
        Program crash
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 724
        11⤵
        
        PID:6240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 716
        6⤵
        Program crash
        
        PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        10⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        11⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        12⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        13⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
        14⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        15⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        16⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 608
        13⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 724
        12⤵
        Program crash
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4556.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
        10⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        11⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        12⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        13⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        14⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46591.exe
        15⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
        16⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 244 -s 688
        12⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 708
        11⤵
        Program crash
        
        PID:5252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 724
        5⤵
        Program crash
        
        PID:1768
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 728
      4⤵
      Program crash
      PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 720
        7⤵
        Program crash
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10578.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-88.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-88.exe
        9⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 720
        7⤵
        Program crash
        
        PID:3228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 752
        6⤵
        Program crash
        
        PID:3028
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 744
        5⤵
        Program crash
        
        PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        10⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        12⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        13⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        14⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        15⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        16⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        17⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        18⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 636
        13⤵
        
        PID:636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 644
        12⤵
        Program crash
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        9⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        10⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        11⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
        12⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        13⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        14⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
        15⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
        16⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        17⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        18⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 636
        13⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        8⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        10⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40815.exe
        11⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        12⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
        13⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47883.exe
        14⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
        15⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        16⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 664
        13⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 460
        12⤵
        
        PID:7300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 748
        6⤵
        Program crash
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        6⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        11⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 640
        12⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 712
        7⤵
        Program crash
        
        PID:4568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 740
        5⤵
        Program crash
        
        PID:2852
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 740
      4⤵
      Program crash
      PID:1208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 728
    3⤵
    - Program crash
    PID:1064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61367.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        9⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        9⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        10⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41671.exe
        11⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        12⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        13⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        14⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        15⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        16⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
        17⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        18⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 696
        14⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 624
        13⤵
        Program crash
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 648
        10⤵
        Program crash
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        8⤵
        
        PID:220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 220 -s 468
        9⤵
        Program crash
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        9⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        11⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33581.exe
        12⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        13⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
        14⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        15⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        16⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        17⤵
        
        PID:448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 740
        8⤵
        Program crash
        
        PID:2852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 744
        7⤵
        Program crash
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        8⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
        10⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        11⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40815.exe
        12⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        13⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        14⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
        15⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        16⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        17⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        18⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 636
        15⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 636
        13⤵
        Program crash
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        10⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe
        11⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
        12⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
        13⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        14⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
        15⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        16⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        17⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        18⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        19⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        15⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        16⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        17⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 664
        14⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        13⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        14⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32807.exe
        15⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        16⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        17⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 644
        13⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        7⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        10⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        11⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
        12⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        13⤵
        
        PID:6616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 764
        6⤵
        Program crash
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52794.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        8⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        9⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        10⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        11⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
        12⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
        13⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 636
        13⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 740
        12⤵
        Program crash
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        7⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        8⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 752
        7⤵
        Program crash
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49507.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56061.exe
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37525.exe
        11⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
        12⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        13⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        14⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63643.exe
        15⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        16⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        17⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        18⤵
        
        PID:908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 728
        14⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 740
        13⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 636
        9⤵
        Program crash
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        10⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        11⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        12⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        13⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        14⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        15⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
        16⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        17⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 652
        13⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 712
        12⤵
        Program crash
        
        PID:1496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 712
        6⤵
        Program crash
        
        PID:4768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 724
        5⤵
        Program crash
        
        PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
        10⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        11⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        12⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        13⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        14⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        15⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        16⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        17⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 652
        9⤵
        Program crash
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        7⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17027.exe
        8⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
        9⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        10⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37525.exe
        11⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        12⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
        13⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        14⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        15⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        16⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        17⤵
        
        PID:988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 724
        13⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 636
        11⤵
        Program crash
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8824.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        10⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11821.exe
        11⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        12⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        13⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        14⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        15⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        16⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        17⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 652
        12⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15631.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30535.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        10⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
        11⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        12⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        13⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        14⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
        15⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        16⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 640
        11⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 628
        10⤵
        Program crash
        
        PID:5372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 756
        6⤵
        Program crash
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        11⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        12⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        13⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        14⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        15⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        16⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        17⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        18⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 740
        14⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 652
        13⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 652
        12⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 628
        11⤵
        Program crash
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        10⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        11⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
        12⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        13⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        14⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        15⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 740
        11⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        6⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        7⤵
        
        PID:5496
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 720
        5⤵
        Program crash
        
        PID:5060
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 736
      4⤵
      Program crash
      PID:4240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
        7⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe
        8⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        10⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        11⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
        12⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        13⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        14⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        15⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        16⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        17⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        18⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 744
        14⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 664
        13⤵
        Program crash
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        12⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        13⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        14⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        15⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        16⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 648
        13⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 640
        12⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 652
        11⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
        9⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe
        10⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        11⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        12⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        13⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
        14⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        15⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        16⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 612
        12⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 660
        11⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        10⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
        11⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        12⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24173.exe
        13⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
        14⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        15⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        16⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 708
        12⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe
        11⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
        12⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        13⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19015.exe
        14⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        15⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        16⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 628
        11⤵
        
        PID:8520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 632
        6⤵
        Program crash
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
        6⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        11⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21869.exe
        12⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe
        13⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
        14⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8661.exe
        15⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
        16⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 640
        11⤵
        Program crash
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        11⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
        12⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        13⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        14⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17017.exe
        15⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 664
        10⤵
        
        PID:3148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 748
        5⤵
        Program crash
        
        PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
        7⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
        10⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
        11⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe
        12⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        13⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        14⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        15⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        16⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 740
        12⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 664
        11⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
        10⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        11⤵
        
        PID:532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 636
        11⤵
        
        PID:7712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 744
        6⤵
        Program crash
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4556.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37525.exe
        10⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        11⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        12⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        14⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
        15⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        16⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        17⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 640
        12⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 736
        11⤵
        Program crash
        
        PID:1828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 656
        8⤵
        Program crash
        
        PID:6464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 636
      4⤵
      Program crash
      PID:5024
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 764
    3⤵
    - Program crash
    PID:4772
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 752
  2⤵
  - Program crash
  PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 396 -ip 396
1⤵
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1324 -ip 1324
1⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4320 -ip 4320
1⤵
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4288 -ip 4288
1⤵
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1856 -ip 1856
1⤵
PID:912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2968 -ip 2968
1⤵
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1760 -ip 1760
1⤵
PID:1680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2140 -ip 2140
1⤵
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1976 -ip 1976
1⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1868 -ip 1868
1⤵
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4544 -ip 4544
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4704 -ip 4704
1⤵
PID:216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4040 -ip 4040
1⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 860 -ip 860
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4984 -ip 4984
1⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 60 -ip 60
1⤵
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3432 -ip 3432
1⤵
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1892 -ip 1892
1⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1988 -ip 1988
1⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2952 -ip 2952
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2708 -ip 2708
1⤵
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1808 -ip 1808
1⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 436 -ip 436
1⤵
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1628 -ip 1628
1⤵
PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 220 -ip 220
1⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3240 -ip 3240
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3176 -ip 3176
1⤵
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2248 -ip 2248
1⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2684 -ip 2684
1⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4348 -ip 4348
1⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1804 -ip 1804
1⤵
PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3976 -ip 3976
1⤵
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1748 -ip 1748
1⤵
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1692 -ip 1692
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2960 -ip 2960
1⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1668 -ip 1668
1⤵
PID:1808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 852 -ip 852
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 228 -ip 228
1⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 908 -ip 908
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3916 -ip 3916
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1148 -ip 1148
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1856 -ip 1856
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5496 -ip 5496
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5480 -ip 5480
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5488 -ip 5488
1⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4212 -ip 4212
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 944 -ip 944
1⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2316 -ip 2316
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2752 -ip 2752
1⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4852 -ip 4852
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4136 -ip 4136
1⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 4332 -ip 4332
1⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5096 -ip 5096
1⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4068 -ip 4068
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4440 -ip 4440
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4788 -ip 4788
1⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3248 -ip 3248
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3076 -ip 3076
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 448 -ip 448
1⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3460 -ip 3460
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4588 -ip 4588
1⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3520 -ip 3520
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 3316 -ip 3316
1⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2112 -ip 2112
1⤵
PID:752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2980 -ip 2980
1⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1624 -ip 1624
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 368 -ip 368
1⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5048 -ip 5048
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2696 -ip 2696
1⤵
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1848 -ip 1848
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3832 -ip 3832
1⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3168 -ip 3168
1⤵
PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3564 -ip 3564
1⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3608 -ip 3608
1⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4384 -ip 4384
1⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2484 -ip 2484
1⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1472 -ip 1472
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 116 -ip 116
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 408 -ip 408
1⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4704 -ip 4704
1⤵
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4568 -ip 4568
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2196 -ip 2196
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 548 -ip 548
1⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4968 -ip 4968
1⤵
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2884 -ip 2884
1⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4468 -ip 4468
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2892 -ip 2892
1⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 848 -ip 848
1⤵
PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 860 -ip 860
1⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1064 -ip 1064
1⤵
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 2216 -ip 2216
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4016 -ip 4016
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3000 -ip 3000
1⤵
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 3640 -ip 3640
1⤵
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2248 -ip 2248
1⤵
PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1196 -ip 1196
1⤵
PID:216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4948 -ip 4948
1⤵
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 1208 -ip 1208
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4316 -ip 4316
1⤵
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2956 -ip 2956
1⤵
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3648 -ip 3648
1⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4376 -ip 4376
1⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 60 -ip 60
1⤵
PID:8

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1172 -ip 1172
1⤵
PID:912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4824 -ip 4824
1⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3812 -ip 3812
1⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2952 -ip 2952
1⤵
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4952 -ip 4952
1⤵
PID:372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5168 -ip 5168
1⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5252 -ip 5252
1⤵
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3308 -ip 3308
1⤵
PID:392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2732 -ip 2732
1⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1056 -ip 1056
1⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5264 -ip 5264
1⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4480 -ip 4480
1⤵
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5388 -ip 5388
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5956 -ip 5956
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5856 -ip 5856
1⤵
PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5156 -ip 5156
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5436 -ip 5436
1⤵
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2944 -ip 2944
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5032 -ip 5032
1⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5656 -ip 5656
1⤵
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3432 -ip 3432
1⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 624 -ip 624
1⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5980 -ip 5980
1⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4768 -ip 4768
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5476 -ip 5476
1⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5832 -ip 5832
1⤵
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4292 -ip 4292
1⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5664 -ip 5664
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5948 -ip 5948
1⤵
PID:848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5924 -ip 5924
1⤵
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5564 -ip 5564
1⤵
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5880 -ip 5880
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5940 -ip 5940
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5544 -ip 5544
1⤵
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5588 -ip 5588
1⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6024 -ip 6024
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5228 -ip 5228
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5996 -ip 5996
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5508 -ip 5508
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5324 -ip 5324
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1268 -ip 1268
1⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1768 -ip 1768
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5180 -ip 5180
1⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6092 -ip 6092
1⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 1500 -ip 1500
1⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 3632 -ip 3632
1⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5540 -ip 5540
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6084 -ip 6084
1⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5524 -ip 5524
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5600 -ip 5600
1⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4420 -ip 4420
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4248 -ip 4248
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5408 -ip 5408
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5072 -ip 5072
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5456 -ip 5456
1⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 1820 -ip 1820
1⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 3988 -ip 3988
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 2328 -ip 2328
1⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5936 -ip 5936
1⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2336 -ip 2336
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5416 -ip 5416
1⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5788 -ip 5788
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 944 -ip 944
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5296 -ip 5296
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 1140 -ip 1140
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 448 -ip 448
1⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2420 -ip 2420
1⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5476 -ip 5476
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 208 -ip 208
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 636 -ip 636
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5480 -ip 5480
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3176 -ip 3176
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4152 -ip 4152
1⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 2132 -ip 2132
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4228 -ip 4228
1⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3008 -ip 3008
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 956 -ip 956
1⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6032 -ip 6032
1⤵
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6016 -ip 6016
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5532 -ip 5532
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2844 -ip 2844
1⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2696 -ip 2696
1⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 4788 -ip 4788
1⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 2776 -ip 2776
1⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 2720 -ip 2720
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5056 -ip 5056
1⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5712 -ip 5712
1⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5068 -ip 5068
1⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 2112 -ip 2112
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3044 -ip 3044
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 4132 -ip 4132
1⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6076 -ip 6076
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5572 -ip 5572
1⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4468 -ip 4468
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5800 -ip 5800
1⤵
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 3988 -ip 3988
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6060 -ip 6060
1⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5616 -ip 5616
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2488 -ip 2488
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5352 -ip 5352
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1324 -ip 1324
1⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5676 -ip 5676
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 3832 -ip 3832
1⤵
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4068 -ip 4068
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3316 -ip 3316
1⤵
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 2044 -ip 2044
1⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5796 -ip 5796
1⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 1828 -ip 1828
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5064 -ip 5064
1⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5908 -ip 5908
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 4016 -ip 4016
1⤵
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 2316 -ip 2316
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3812 -ip 3812
1⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 860 -ip 860
1⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 3980 -ip 3980
1⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 4704 -ip 4704
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 388 -ip 388
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1012 -ip 1012
1⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 1628 -ip 1628
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 1620 -ip 1620
1⤵
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4520 -ip 4520
1⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 1072 -ip 1072
1⤵
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5124 -ip 5124
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 216 -ip 216
1⤵
PID:1372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 3124 -ip 3124
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5172 -ip 5172
1⤵
PID:2044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2248 -ip 2248
1⤵
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5100 -ip 5100
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 3936 -ip 3936
1⤵
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5988 -ip 5988
1⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5356 -ip 5356
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4324 -ip 4324
1⤵
PID:740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3940 -ip 3940
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2408 -ip 2408
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5340 -ip 5340
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1236 -ip 1236
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 2372 -ip 2372
1⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5344 -ip 5344
1⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1100 -ip 1100
1⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3780 -ip 3780
1⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2980 -ip 2980
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5332 -ip 5332
1⤵
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4480 -ip 4480
1⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3004 -ip 3004
1⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4532 -ip 4532
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 3836 -ip 3836
1⤵
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5288 -ip 5288
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5440 -ip 5440
1⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1432 -ip 1432
1⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6188 -ip 6188
1⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5960 -ip 5960
1⤵
PID:392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2320 -ip 2320
1⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4692 -ip 4692
1⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1520 -ip 1520
1⤵
PID:112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4516 -ip 4516
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4400 -ip 4400
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5436 -ip 5436
1⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 1428 -ip 1428
1⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6228 -ip 6228
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6604 -ip 6604
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6708 -ip 6708
1⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6532 -ip 6532
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6772 -ip 6772
1⤵
PID:532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6504 -ip 6504
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6580 -ip 6580
1⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6848 -ip 6848
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6656 -ip 6656
1⤵
PID:3004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6684 -ip 6684
1⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6204 -ip 6204
1⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5836 -ip 5836
1⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6792 -ip 6792
1⤵
PID:636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5060 -ip 5060
1⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6544 -ip 6544
1⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6816 -ip 6816
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 1064 -ip 1064
1⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6236 -ip 6236
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6284 -ip 6284
1⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 1524 -ip 1524
1⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6444 -ip 6444
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6564 -ip 6564
1⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6476 -ip 6476
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 4352 -ip 4352
1⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6636 -ip 6636
1⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6788 -ip 6788
1⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6812 -ip 6812
1⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6824 -ip 6824
1⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5408 -ip 5408
1⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5848 -ip 5848
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7144 -ip 7144
1⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 7164 -ip 7164
1⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6640 -ip 6640
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 3200 -ip 3200
1⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6696 -ip 6696
1⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6164 -ip 6164
1⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5284 -ip 5284
1⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5760 -ip 5760
1⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5684 -ip 5684
1⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5456 -ip 5456
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 6028 -ip 6028
1⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6264 -ip 6264
1⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1120 -ip 1120
1⤵
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5784 -ip 5784
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6752 -ip 6752
1⤵
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4300 -ip 4300
1⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4456 -ip 4456
1⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5480 -ip 5480
1⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6744 -ip 6744
1⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 4152 -ip 4152
1⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 6436 -ip 6436
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6092 -ip 6092
1⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 6736 -ip 6736
1⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 244 -ip 244
1⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 5396 -ip 5396
1⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 3768 -ip 3768
1⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 1760 -ip 1760
1⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 6124 -ip 6124
1⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4576 -ip 4576
1⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3532 -ip 3532
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 4672 -ip 4672
1⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2328 -ip 2328
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 944 -ip 944
1⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4468 -ip 4468
1⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5416 -ip 5416
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6560 -ip 6560
1⤵
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 6248 -ip 6248
1⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5084 -ip 5084
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5156 -ip 5156
1⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 988 -ip 988
1⤵
PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 3868 -ip 3868
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6760 -ip 6760
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 448 -ip 448
1⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6884 -ip 6884
1⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 1976 -ip 1976
1⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 624 -ip 624
1⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5444 -ip 5444
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5388 -ip 5388
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 4332 -ip 4332
1⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 4304 -ip 4304
1⤵
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 3636 -ip 3636
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3124 -ip 3124
1⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6416 -ip 6416
1⤵
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2196 -ip 2196
1⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5220 -ip 5220
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 5624 -ip 5624
1⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3176 -ip 3176
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4288 -ip 4288
1⤵
PID:60

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4316 -ip 4316
1⤵
PID:5872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe

Filesize
184KB

MD5
3bbca784d5e5cead557976cd6d38378a

SHA1
44f9f1a523fdfd3c1f817b0a1c1c0c9c60a74b82

SHA256
d5de4b8b62c442ad3492c7ff39874bf3528a89c50b33b08fcd623639d9618801

SHA512
c082e6405050bfd4b8a67b8f0abcc66c5ddf9ca5442c50ac056837fc4c4ed5b087165f64fdcfb26e3aef37aa945d93c71aae81de53ff826464eda656a30da104

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe

Filesize
184KB

MD5
24ba1eddafa21ae30dc74b4f8377c1ec

SHA1
598f73edd4226ddde837d6e93eebe6f108b6df60

SHA256
53fe64b3b66a74fb4199fe9c4e96792bfb00c0cd2f484f894d94ceafd195a9f0

SHA512
6a77c9d6944115daa65d289aec1d0d0a1c9bd3b87c07b70557a90f55b19d8073f4f1a5f2e6c8c2088ff3f362516d4869fcb843dff0d43c255174b51cf10727e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe

Filesize
184KB

MD5
b5a6987b2f95cfe5408df5808b060c80

SHA1
302591dd079895f98df6ebe61a2479374b0d1ba5

SHA256
f5dd62abdb68f60948d23d86936143370afad66beccfe25e39c72b6a37cdea2d

SHA512
782a9d55d1c34b181303fc047c3ea45bbe90b4edd86196543f702fa430bab5e0296b6ff574031b9f42c888aea1087a8b4fed98a6ac16d878d285d6b703f3020d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe

Filesize
184KB

MD5
6102ded7cc9be980afe58628bc37c066

SHA1
8fdb5c40625c96359d54d2726a0199d63689f4d4

SHA256
bfb1a2c08bfa50a3d2094b5d26699ac8b0b9de582955b60ccf5fd723515e9c1a

SHA512
7543fdaab7216b404808c19d918cf0251fa6675de4d40bb73c596e637fc3e26c29b62028ed6e0c87ba32f4bf0cbfd8eba230b91b9e2b06121e57949695f251d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe

Filesize
184KB

MD5
0bf5d6eae76e1720fcac40105cef3694

SHA1
5785b8275164bd069648f6214db040813ea50998

SHA256
4e6a61c7b7d9e3631dd6879ad14b445c05f520fe39264703773bd290518b81ae

SHA512
deeb7e5c9e99a405fe703d7fcb34c51e5d05332daf800a3b2a05c75833748515e469339d28f914b48be8eb82fa4a602f438402bf4745fd2168185449e8c4c090

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe

Filesize
184KB

MD5
f089a403a7d3508575878bbf41ba913e

SHA1
5ddc57882abdf0f4132ac15c44d5ce859eb36a2f

SHA256
1b275d84894d0cdea2ddc3cba6b6025b9dd755d148193c25ef6e8d6cb6256270

SHA512
8274a562fc58d1e0c177c561312818039944e67e36c7d36d103728cf88e233c186dcab1cde3dca1af2765091b3607a21e9745503a2a02f98a48634b7c891a9cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe

Filesize
184KB

MD5
28bbdcceebce2dee4226b9751a772508

SHA1
6d13abcc4c8b5f1efdc59c19bb3a3cbea9916046

SHA256
9f53f6a31fcc34a00164b108478ceda52f3185c4927ab5209ca17a72b8b3dcdc

SHA512
f5b91edc9405dcbc6045d5730d70b339c2d6bfa8479f865d93b3e74edf25a0ba735eed614325fe19f4956f6c59d9358b278e6b0f70865bb2b0ac3014a2445097

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe

Filesize
184KB

MD5
64834592ca3adf7be0864ff448b87c98

SHA1
92c223131c6331846100d375e371df4466727dfc

SHA256
ecf8e0558cbab03ec550181f842f065ff152fed4f3f927d85e8eff817b070b8e

SHA512
d8b861f80c7b66d6fa4d7cdca7772d160e4a9ba5dc5440a81ce6535ba57149d4e8f9e05f10ef0bc65e23d237eb31c15c2b8a65f73600fdb512c33996dffd7a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe

Filesize
184KB

MD5
7179e50f83cdc5d4153c4c80930f3b35

SHA1
ec3ab82fcddf3587add9db269cc469215b38d66c

SHA256
18fde46be164608b778d869d13704e38198112f9ddfd9b059a259c52239703d2

SHA512
d94f8d79889f62ae6273baa6cf91f34348f4d7a4a891f1251a3507ee8207869a368194d45b11220af261bb267593120c8422009eda1eecf25e69b67529e349fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe

Filesize
184KB

MD5
537cd3a3c50d580ce0c200cd871da0f0

SHA1
ee5a22c8041891c2c2c7a92cb5a04ab0e2f445c8

SHA256
868f5df440d1ad82aebc44a2e89f491461d873d953693e9dfd1fca4a35a1e61f

SHA512
47ee64a0c68dedda83d09dfb14e0895cd7941788a5b6db7ff8c15fdc50d08b3706aca738962306060b547d16a7e9add170e66a31b5a5475bebb6406d94f793a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe

Filesize
184KB

MD5
612d04ab438c21bc5cea6dbe1587f855

SHA1
2cfa8dedbd7f2de77c8766ef5c596657a957270b

SHA256
eb7d77427e09b81b8d34cb0fddbfc70eae2fcc461c3ec4787ea8e58235ab9847

SHA512
c407a1f96b345de9716056f12554a8a8c537233a48bf96d60011cd1a8368ea5618615d0a1d3586e3960b963e5aac5490bd0bbe9764de6128cb4d083330568d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe

Filesize
184KB

MD5
0002b8d8f3e43f5d8ee8564bdffd596b

SHA1
826bba23b2ccce77b914bcb2cc5d7b6492422154

SHA256
4eedf0e3c4c586ef49fba289ad070f1c124450a9f56e5b53e71f8ecb60bcd911

SHA512
020aa28d869c62b584f5d55a66f8c4f6d957d291c7088f96e60141c5b63ca0b8e6e54e55a8850b6b379ba6c9926f8c77279ea34edeff15b1218a6f1dc71faf7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe

Filesize
184KB

MD5
317c1c41f70c373a6f0ab8d486295a99

SHA1
5f1bc8338d3ccc4cefcc8fc0e78238252bbabbbe

SHA256
a842fb7f42d42b2a6fe1e2f2908d5c3a6fe308adaad96d270c0d65e1d3b2a271

SHA512
0f7a391ad023cbd6c92ca476be99e686168307be4c037a2e97c3e004bd2516c7ec39d05a66f93a8021d6a3e9c4bf70665c75f961a578c8da363c01f2478c65e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26623.exe

Filesize
184KB

MD5
a496a1d901501f15afad00cc2fe7185a

SHA1
93ffda52a93d7ca1e222ea1347cdc2ccbb059fee

SHA256
d2881c43b8208a24925c7c357cc98ecde01974ed9c319ee3eed1dd7375c5f957

SHA512
6222ae1ae843c4f3f3277dcdad392af85ec4be30cd6fb76087a4a7dbac5cbf6b66b975550ecbc91260f0fb49b032d4df7a32d678ec6bb32603462a5f0b43d934

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe

Filesize
184KB

MD5
04f58ba5f1605a1b2d7fab48ef3d758f

SHA1
d755dc22518eff4eed21698e396f1e5076d8726c

SHA256
0f62da5de122a586c8c87107ebb213de4a1d3152d6f9136db9be6f3ece692e1e

SHA512
7c842ad854118d917bae519edbffa3a29aa344045160801d369040b46931c6bb08398f49c83ad7b1608330ea8ad542dadd973fa472bf614a2dcf4d45dc1c6f3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe

Filesize
184KB

MD5
f9e1283d2ee26915888989a025443f09

SHA1
f31e85cc8ce1b30bc4294a67e70c3fb8950bb167

SHA256
07939b89d6c702e7c69f06dd0ec812a3e1e0a0c9afa867c5ae27af0b47e311db

SHA512
d8483d480bedeff8ca4e697028f7485a592d8dfd3822a5b7bda0c8ec6d074fb966f46f7f0336bda3b4f502b7dd1e2b1034bef220bd8ae41165eca52c73ad35ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe

Filesize
184KB

MD5
fd345075fc7d3d90bff6a3a92a3f94c2

SHA1
e6c8ced3c1e180eabad222299295f4fb620cb1f5

SHA256
d20f75b29cb9020fcec34a976a35910b6b66720c079eb6f1c162881bfc7adb17

SHA512
736d0194d7231dab813bbaa1a04a32d793b82a1dc75ee1434a3455ebfd5b729e2f3fb88429b69c1375ce1e4a2adcf77ba2a48f8782bdac047e43545ac1e08f65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe

Filesize
184KB

MD5
a19fb2fd19f6ce45c207e2dd37cf7d6b

SHA1
781e6fca4cedce1d0b5a6b40e7c7cfb41d41e7ce

SHA256
39a12746f97fef53b1304441df47ef6112233b8fca676ac564eca67362eedfac

SHA512
703c894e848449f3ed14797f6332d57f7f1bb5789ed6681f2d1dc10dec716dd508b190209ee7591966ab56414ca60ebad36d73a08cd37b4b7c4816ee4352ad66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe

Filesize
184KB

MD5
0d054f7e71f92ab56c7ae8360a59e820

SHA1
426d8e96664768606f599c14c38ab8a480cb65e5

SHA256
7f845ed8c6bcbc7d4113ac4b5beb63cf168087e4bd9061aae3a4d4f880fadb93

SHA512
240e20ec622cfc0e620f108f3ba02f47ba2a7c4160637241c5fdd87b8a3f819b5007d3953046ab37fb0679ad83fe36cf784d71c6508434527cd34d6ce87dd661

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe

Filesize
184KB

MD5
41fcdd0149bf4a51961ddcf7fa8638a6

SHA1
c7509c41d2acc6567a3ee687669eff867449aacd

SHA256
9e76e06e526bcd2c6112d2c7b9ee207696405e02b617afccaa0e38e91a51ffc1

SHA512
0dea458fa33d09674585f7dded727c8452a585daaf1ceaaabcf3105e11be6ae6170e350dabfcc2d4e2e469814b0549c680c134ec22f2ef10956abaeb29c14acd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe

Filesize
184KB

MD5
06e6de92dd0bdbfc6dd2399c1f530f2c

SHA1
b4eb09032af8e2a9f1de233da482666976798a39

SHA256
836e9f40682357faa24860bf39428eb4d24e56227b1da030d6298869d90333b7

SHA512
2a8dbee7f32b1bd0823a6787cc3dd196b7dbd2fefadf8c65bb6a2f41cd431ea6bd88e929929dbbea6a865d617afde20e7776ff91b4f329dc8ce7eb29b235701e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36401.exe

Filesize
184KB

MD5
d2d210c39d95b666084448ce2e8c688e

SHA1
c9d85ef48f524453af35c728f922f64b946a6c8e

SHA256
ecc7175f01d1bb45baf67c442286e13d00da855c0929dcdbc7fb3194c8e26f18

SHA512
b951058439f6505e55a7777620a3042021c1d24dcdadd3b90dd8377bf7cd0a17070ebc2be21364ce1eb93fd86f0393b992ef269fd573b7a3b090dd258fa4bbd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe

Filesize
184KB

MD5
3183fbc5a7e4a56c936746a7c4d338cd

SHA1
bd54ef1b7c004c145dfc716d3240a4a840b7f009

SHA256
b76695de3bc5b3481297b779c61c2dc766dd763b3e402279130f9f78c773e02d

SHA512
a6be0b4da18547fee4d66e062b0770cc49dd1e463cefa679309362c2acc56ca27b8a47b98c456d8f33d632af162116b512c898f866ef2e77ea84b36830e305a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe

Filesize
184KB

MD5
47f547ea529ff017d20a2650502ba69d

SHA1
3111e1f10fb3faff3cedf85b3a2de99cc4bdee46

SHA256
48ac54b5d01ae0a269c40d26e55e970f9479b497d906ae5daa5f294472ce58d6

SHA512
1570431f4ee2ca186eb782b1ec0f726ca59e8bc0c09aea72333611f59f41720f915fc5ea596d72b37770abd7e1eb5ce5e3c3ad19684df5493926fccd174c211f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe

Filesize
184KB

MD5
a28d0a89b6ef31fe588f0c75337999a4

SHA1
8658ec8ac21f56b3c1faa47771a73473d2d4ee75

SHA256
255fa1ed641bfbd1adc9c5f6f3cd84ca9a94fe67c5100bf05096ce41b7ffc2f7

SHA512
a93407e3bc767d722b9b43de03f969333e0e45e6a24f3cf990a2e7e8fa8c990c5fe10282130ef831705e2178f3bc5135f5656ddb6f868ed7042d8d8e55a190fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe

Filesize
184KB

MD5
b29c56894133c8980e6f6836bf0ce6ab

SHA1
f1f545422e8d973505ca84ad06461b3d1b3a9674

SHA256
8e1b170ca24ce24ca97da6942a775af52330f813cad469a3c66e53efced81a27

SHA512
753de5bc16314779db596ce9825c27451891cb35b0a6dc0bed988b79bae6f37b21b646f5b7b559b4dc3ab35fc94933b2eb3684d9208dbd7c37c375f07dc07149

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe

Filesize
184KB

MD5
f8b68f292baeb53f7b049af7ef579047

SHA1
38231e68e91c3ce45849b6d5e6c9b7d6cabe9660

SHA256
2840cef9012bac7b6ee8df8756cb0725d83430facda9b691f3a697219d0a3137

SHA512
f10c9b78eb321a9494c1ed173f3ea8ddd0b816467312fc9bf646ea6b6fecfea67f25797d2d26e3f40ef1d034a820ac34aaca7164347cdbe8a782f482ca25f4cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe

Filesize
184KB

MD5
be8c2b7643e4e3c5c794a6770ca1013f

SHA1
cf894be498f58ebb300c73a928f80225921323fd

SHA256
ef109c49a88084192f7b1e2b522114020d2213159222b25314fa340ab1bc69e7

SHA512
4c2c945591b6b13ca948a78cf095759b408a4b8c982ac1f89b621e107356b6782a4a2ad485b786866988e25735bc6517ffa34d579ae751f8780fbd595b57b4ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe

Filesize
184KB

MD5
40a199b7dc30dd5db40a327964f05035

SHA1
f141768770c736685020a95018262a96f2bde3ba

SHA256
f277695571d2d1ac512f8872993af284491245c75aaab11dd6c48f70ad864d51

SHA512
9031b0e10d35d71adb5bfc7d2ff9620caeb4877000ac8f244a4373998ca3ba2e9ee4cc3ad8946853118fee18727be21fecd5d9dfd3b7a347c035196f9e41b52a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe

Filesize
184KB

MD5
244fd49cce2c3e9cae9c5d872779666a

SHA1
47ee83aee990f580bf7609f3ca73bb23c815daa1

SHA256
2916e571d3de21a36395a450c6ba0021dfae44a5321efdf17e88bb62ee674cc3

SHA512
fef9702cc79783d22d7554e29e353bdf7a2a6bf9f9d472d4662452919ad43bd7e21b488424e4e2f2c235e61f2ef96f7722073dccdf0cb48427739c67bae4914a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52794.exe

Filesize
184KB

MD5
eafaa5097748de0eabeaaae016df5a56

SHA1
af409df862b37a2a7bca3dc0c3dc7680a299381a

SHA256
80304aef83bee779bc955300ac756e0a228e57b5a91d6a6c94d88fb9db1b6d82

SHA512
458527544f60ccb9b16dde596542480a7b689b4cab4812831e2957d6162498b7ac797dc3d1e56e43db662fde692a98d81a53c9c6e658a03f44438db81599a84c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe

Filesize
184KB

MD5
9e82a0180898d37af67fba3a87feca03

SHA1
3475c9671a6dc50f2890fa21bb8a2848e46baaff

SHA256
959abaf0025341fd85643b3da7d5c10ee173e9f9f2869ef06a715b6797f66a72

SHA512
a0e6784a8fc0011156e2a1a121d2a19b5c99270252a451bfb62a20a404a2520a5674c73abf0ebc23ca5208b255218b38888f22d48de8f3a2a1ce7fc867a31aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe

Filesize
184KB

MD5
e60ac99842e49607b832ce8ae3bd1091

SHA1
6e6070d405f3114b6077d3c81ac5cb0d28bbf1d4

SHA256
ae81b154306e8ce689319f5f70ad377f450b3b9df1430063cfe772cc919c842c

SHA512
639d278d95cdb68194de9806b688311dcf27afa117b3ce73a86c8fe146c3298ec566a1935f16aa7b1eeff48f105c2f53acacaaa9de9559f51979b3bc94e87241

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe

Filesize
184KB

MD5
c8bf89bbed26e46e1193f51862bb65d8

SHA1
7299a1146084ab309dd03be1cd2987a80ca37a9b

SHA256
1c2dcf5b609a27921a8b3a552755a37063451d48fa3a093ab5e824d4f61d752b

SHA512
f58a6a7de1d8c307c0c7cea3217d28872cf42a78a83fdaf65d31e313e42d93f9748088e8a2ffbe197515a54fa119281567911f345d7e9eb0dca88d70760cb027

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe

Filesize
184KB

MD5
f6525ccc3538f69f8b4072be4dfc00c8

SHA1
87ab3b2245f825934efd0e50c2cbd0bdaffdca4c

SHA256
e9d992bd7cf58182bd36e94ce000d2e7be24f189797e3e9a345552d8318f36ea

SHA512
0b8f90d24003f5b9a63c45d753520e862d67f0fd342a6769b44a9a8cba9c2e8c15e23b0aa842d3feea71d86e4f34d82d935821ae9e931e034967a9bdfe5eb038

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61367.exe

Filesize
184KB

MD5
16f20c4e7e4a36585d77a3e316d841e1

SHA1
c269f23772d680d5d444ce27f67db0f07c30fbeb

SHA256
248f2d88a8b2d823557fa8124c19fdf4312626f4b50964e535e319bcd15f1633

SHA512
a75a450699b32911929cbb80822fd12c019c936b0e1728c0ffa368b786444727139c87381757626b203d65c0d0a3922800ff9ac234b750fb0ed860f34562e062

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe

Filesize
184KB

MD5
1767b862f8f03ade17b2354d2404392b

SHA1
267b1664e5c5047112c69f46cf87e69ace377529

SHA256
0c42b769e0b9a46088b8bf62d9e73ee94ccd02beb129b6cfa76486faa80c7712

SHA512
a0109b4600f8f2ed47de7eb60effbe04a0195b6b1bf782e060a69bf332719cf27c4261a284b5c850b7bb7135ab86604f9ef7edefcc022036c808aa58f48029d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe

Filesize
184KB

MD5
02ca46db830260abc0d8e91f2b9423fb

SHA1
e5a808d709f030958ffda147ab0bf5e9a43b0a4f

SHA256
4577095dcdd96a97cf6d9c9cac272b88ec9777979f27eb7bd33b02fd89f29a1b

SHA512
0f0792eb1cb1e393a56a145c77053ec6d58e144dc7936d73eba1128aa7f6ee662dcb9847e11457fc706e5d2e6f28dfbb81db05777803a43e45fa21f80ef5efbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe

Filesize
184KB

MD5
7b04c264a2d3994e6e25866a722243f2

SHA1
7de6a0568e170167f62ba1e717f2e1caceccad61

SHA256
37172749b7e4ba82e783897fa6a735b746f35e69c659864197f59d1b497f7641

SHA512
f9366942d1b0656d1b463c5037c10e9cce560761a4bb117d0333bb8cbe4df89b43065ff21bc19725479f96233720cd340b25e347282c440bd665299a90e58800

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe

Filesize
184KB

MD5
dac04cfe7358bc4cd95ceecd08ea2c99

SHA1
0e2b74e1fe91544d2761c24fa95bb56ce0931f6a

SHA256
781be195c5aca5f9e202930145311d947c90a6d0c9842e8440c9294be3ba09f5

SHA512
a06999c05a25a2e61ebe4dcbc4e62367b650fe5786eb09bf0b984c7338322ffea3c7bdc953096bf008cde418ed62c00fd702a592c9efe7cb9ed5b44799d4aa8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe

Filesize
184KB

MD5
52c886175a33ea246c6bab842ce3aea4

SHA1
337686603b05a27c10e007c061f7ed840964fcec

SHA256
3efbc8865f84248b84bf6cfe630e9c92a9cd2b4b3a3418116a41224edf31faf8

SHA512
4a7aaa0cb290d5999fb5af86a5cf4bc805e4a955ed5d2ce8b02d678486aa07d7e39ec880b5bfb16e8c8140ebb463a8d7d4e4ad17cce25dcc5074dcbdaf6a8117

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe

Filesize
184KB

MD5
5a74dc2926a2bb3dd90cbf3aabb56161

SHA1
75829b0dd4b791b9513f00491b508118d44bc8d3

SHA256
86725afa6752cab9c7700a1e2613eda1b5272a85badb2fe239293c11e1258cb4

SHA512
a0bad1b257ff4d07102e5c8cc2f47605936f63bb167eb075e6c53a085ceb88e1001992a694e19acb71b57342e89577e4adcdcd874b45662bf63b5373be955651

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe

Filesize
184KB

MD5
8fb0804a6060df341c8548ebba9dae6c

SHA1
b21046ee163ea60e55ea8843065e12ea26760425

SHA256
45c7501bea87a71f064bbbc44f8d29af13641128afbbd65660b88a4ab8bbe353

SHA512
c0852fe95c46056825095c17fadc66bb8af4fd238dbeb76ae3401bfe1142642ce51f5d30f424d0d0cfa61f3fe807625b6a01f206525cc1789adba7fbb5ba5218

Download Submit