97f8c08f976399e3593c1fa0b0a72041be4e03de73026bf3d2fb12b1dc9149cf

Analysis

max time kernel
120s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c3503c120a8866bb061155d5d098e90N.exe
Size

184KB
MD5

0c3503c120a8866bb061155d5d098e90
SHA1

52c50f154b11be296890f6d10565bc9ec07b2780
SHA256

97f8c08f976399e3593c1fa0b0a72041be4e03de73026bf3d2fb12b1dc9149cf
SHA512

679ca948f1fbfd94f2a8e273528b447826ab6c171afbfaa8406501b191bfc9a5d3d638925312b52cd9ace890ffc4d0516cf86e17ac31058a6a6c91fbb50a9ab1
SSDEEP

3072:NP0kC3oT7JUW8n4WeaLh+GsZ7ljViFRnY:NPioyDn4WhpsZ7ljViFR

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3696	Unicorn-61256.exe
708	Unicorn-62180.exe
4748	Unicorn-46399.exe
4656	Unicorn-22492.exe
5024	Unicorn-6710.exe
4420	Unicorn-3778.exe
3796	Unicorn-52232.exe
1428	Unicorn-37026.exe
4928	Unicorn-37048.exe
3252	Unicorn-33518.exe
1588	Unicorn-12927.exe
3272	Unicorn-31956.exe
4992	Unicorn-17012.exe
2472	Unicorn-50452.exe
4572	Unicorn-3944.exe
2296	Unicorn-40722.exe
2096	Unicorn-20302.exe
2220	Unicorn-51028.exe
4360	Unicorn-24386.exe
2324	Unicorn-8412.exe
2076	Unicorn-8412.exe
852	Unicorn-64396.exe
2868	Unicorn-44531.exe
3056	Unicorn-15387.exe
2576	Unicorn-65143.exe
2448	Unicorn-15195.exe
1940	Unicorn-64951.exe
2944	Unicorn-8973.exe
3244	Unicorn-13057.exe
4128	Unicorn-63389.exe
1996	Unicorn-17718.exe
520	Unicorn-28578.exe
2380	Unicorn-48444.exe
3368	Unicorn-63602.exe
3064	Unicorn-55989.exe
2248	Unicorn-10317.exe
4684	Unicorn-26462.exe
2368	Unicorn-57188.exe
1156	Unicorn-45491.exe
1444	Unicorn-18870.exe
2188	Unicorn-53680.exe
3928	Unicorn-395.exe
404	Unicorn-58319.exe
3548	Unicorn-58319.exe
1428	Unicorn-203.exe
5052	Unicorn-203.exe
4476	Unicorn-23316.exe
3268	Unicorn-8371.exe
3916	Unicorn-8371.exe
4132	Unicorn-31676.exe
4672	Unicorn-62403.exe
3772	Unicorn-16732.exe
1972	Unicorn-52502.exe
2700	Unicorn-11469.exe
1136	Unicorn-30306.exe
4072	Unicorn-35782.exe
3840	Unicorn-971.exe
752	Unicorn-50727.exe
4724	Unicorn-37920.exe
4752	Unicorn-56949.exe
3972	Unicorn-30882.exe
1872	Unicorn-63000.exe
1148	Unicorn-47219.exe
1164	Unicorn-37104.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4072	2952	WerFault.exe	83
1364	3696	WerFault.exe	89
520	708	WerFault.exe	92
1464	4748	WerFault.exe	93
4444	4656	WerFault.exe	98
3592	5024	WerFault.exe	99
928	4420	WerFault.exe	104
404	3796	WerFault.exe	105
2764	1428	WerFault.exe	106
4892	4928	WerFault.exe	111
1972	3252	WerFault.exe	112
2720	1588	WerFault.exe	113
4316	3272	WerFault.exe	114
3968	4992	WerFault.exe	115
4480	2472	WerFault.exe	116
2292	4572	WerFault.exe	117
5024	2296	WerFault.exe	120
5040	2096	WerFault.exe	123
3652	4360	WerFault.exe	125
3100	2220	WerFault.exe	124
4512	2324	WerFault.exe	126
2952	3928	WerFault.exe	165
4480	852	WerFault.exe	131
664	2868	WerFault.exe	130
4504	2576	WerFault.exe	136
4760	3056	WerFault.exe	135
5824	520	WerFault.exe	144
5816	2380	WerFault.exe	145
5324	3368	WerFault.exe	151
5112	4036	WerFault.exe	150
6096	2188	WerFault.exe	164
4860	1428	WerFault.exe	168
3552	3916	WerFault.exe	172
3844	4752	WerFault.exe	191
2392	3840	WerFault.exe	186
6368	1972	WerFault.exe	180
4516	4236	WerFault.exe	233
4416	5364	WerFault.exe	249
6468	4140	WerFault.exe	211
1716	5256	WerFault.exe	244
5196	5788	WerFault.exe	297
5720	5184	WerFault.exe	279
6864	1324	WerFault.exe	223
6952	3056	WerFault.exe	304
7512	1720	WerFault.exe	333
7840	3064	WerFault.exe	323
5660	2292	WerFault.exe	315
5500	1048	WerFault.exe	278
4624	5292	WerFault.exe	534
6600	5584	WerFault.exe	543
1136	4504	WerFault.exe	577
5856	5576	WerFault.exe	619
5532	7500	WerFault.exe	672
4704	7544	WerFault.exe	676
7644	8064	WerFault.exe	701
944	6004	Process not Found	736
6080	7756	Process not Found	855
7140	5268	Process not Found	758
1160	5664	Process not Found	932
6664	4164	Process not Found	992
5196	6032	Process not Found	1034
5988	6540	Process not Found	1047
7004	4068	Process not Found	1186
7540	6548	Process not Found	1233

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0c3503c120a8866bb061155d5d098e90N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-203.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2952	0c3503c120a8866bb061155d5d098e90N.exe
3696	Unicorn-61256.exe
708	Unicorn-62180.exe
4748	Unicorn-46399.exe
4656	Unicorn-22492.exe
5024	Unicorn-6710.exe
4420	Unicorn-3778.exe
3796	Unicorn-52232.exe
1428	Unicorn-37026.exe
4928	Unicorn-37048.exe
3252	Unicorn-33518.exe
1588	Unicorn-12927.exe
3272	Unicorn-31956.exe
4992	Unicorn-17012.exe
4572	Unicorn-3944.exe
2296	Unicorn-40722.exe
2096	Unicorn-20302.exe
2220	Unicorn-51028.exe
4360	Unicorn-24386.exe
2324	Unicorn-8412.exe
2076	Unicorn-8412.exe
852	Unicorn-64396.exe
2868	Unicorn-44531.exe
3056	Unicorn-15387.exe
2576	Unicorn-65143.exe
2448	Unicorn-15195.exe
1940	Unicorn-64951.exe
2944	Unicorn-8973.exe
520	Unicorn-28578.exe
1996	Unicorn-17718.exe
2380	Unicorn-48444.exe
4128	Unicorn-63389.exe
3244	Unicorn-13057.exe
4036	Unicorn-45683.exe
3368	Unicorn-63602.exe
3064	Unicorn-55989.exe
2248	Unicorn-10317.exe
4684	Unicorn-26462.exe
2368	Unicorn-57188.exe
1156	Unicorn-45491.exe
1444	Unicorn-18870.exe
2188	Unicorn-53680.exe
3928	Unicorn-395.exe
404	Unicorn-58319.exe
3548	Unicorn-58319.exe
1428	Unicorn-203.exe
5052	Unicorn-203.exe
4476	Unicorn-23316.exe
3268	Unicorn-8371.exe
4132	Unicorn-31676.exe
3916	Unicorn-8371.exe
3772	Unicorn-16732.exe
4672	Unicorn-62403.exe
1972	Unicorn-52502.exe
2700	Unicorn-11469.exe
1136	Unicorn-30306.exe
4072	Unicorn-35782.exe
3840	Unicorn-971.exe
752	Unicorn-50727.exe
4724	Unicorn-37920.exe
4752	Unicorn-56949.exe
3972	Unicorn-30882.exe
1148	Unicorn-47219.exe
1872	Unicorn-63000.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 3696	2952	0c3503c120a8866bb061155d5d098e90N.exe	89
PID 2952 wrote to memory of 3696	2952	0c3503c120a8866bb061155d5d098e90N.exe	89
PID 2952 wrote to memory of 3696	2952	0c3503c120a8866bb061155d5d098e90N.exe	89
PID 3696 wrote to memory of 708	3696	Unicorn-61256.exe	92
PID 3696 wrote to memory of 708	3696	Unicorn-61256.exe	92
PID 3696 wrote to memory of 708	3696	Unicorn-61256.exe	92
PID 2952 wrote to memory of 4748	2952	0c3503c120a8866bb061155d5d098e90N.exe	93
PID 2952 wrote to memory of 4748	2952	0c3503c120a8866bb061155d5d098e90N.exe	93
PID 2952 wrote to memory of 4748	2952	0c3503c120a8866bb061155d5d098e90N.exe	93
PID 4748 wrote to memory of 4656	4748	Unicorn-46399.exe	98
PID 4748 wrote to memory of 4656	4748	Unicorn-46399.exe	98
PID 4748 wrote to memory of 4656	4748	Unicorn-46399.exe	98
PID 3696 wrote to memory of 5024	3696	Unicorn-61256.exe	99
PID 3696 wrote to memory of 5024	3696	Unicorn-61256.exe	99
PID 3696 wrote to memory of 5024	3696	Unicorn-61256.exe	99
PID 708 wrote to memory of 4420	708	Unicorn-62180.exe	104
PID 708 wrote to memory of 4420	708	Unicorn-62180.exe	104
PID 708 wrote to memory of 4420	708	Unicorn-62180.exe	104
PID 5024 wrote to memory of 3796	5024	Unicorn-6710.exe	105
PID 5024 wrote to memory of 3796	5024	Unicorn-6710.exe	105
PID 5024 wrote to memory of 3796	5024	Unicorn-6710.exe	105
PID 4748 wrote to memory of 1428	4748	Unicorn-46399.exe	106
PID 4748 wrote to memory of 1428	4748	Unicorn-46399.exe	106
PID 4748 wrote to memory of 1428	4748	Unicorn-46399.exe	106
PID 4420 wrote to memory of 4928	4420	Unicorn-3778.exe	111
PID 4420 wrote to memory of 4928	4420	Unicorn-3778.exe	111
PID 4420 wrote to memory of 4928	4420	Unicorn-3778.exe	111
PID 4656 wrote to memory of 3252	4656	Unicorn-22492.exe	112
PID 4656 wrote to memory of 3252	4656	Unicorn-22492.exe	112
PID 4656 wrote to memory of 3252	4656	Unicorn-22492.exe	112
PID 3796 wrote to memory of 1588	3796	Unicorn-52232.exe	113
PID 3796 wrote to memory of 1588	3796	Unicorn-52232.exe	113
PID 3796 wrote to memory of 1588	3796	Unicorn-52232.exe	113
PID 5024 wrote to memory of 3272	5024	Unicorn-6710.exe	114
PID 5024 wrote to memory of 3272	5024	Unicorn-6710.exe	114
PID 5024 wrote to memory of 3272	5024	Unicorn-6710.exe	114
PID 1428 wrote to memory of 4992	1428	Unicorn-37026.exe	115
PID 1428 wrote to memory of 4992	1428	Unicorn-37026.exe	115
PID 1428 wrote to memory of 4992	1428	Unicorn-37026.exe	115
PID 4928 wrote to memory of 2472	4928	Unicorn-37048.exe	116
PID 4928 wrote to memory of 2472	4928	Unicorn-37048.exe	116
PID 4928 wrote to memory of 2472	4928	Unicorn-37048.exe	116
PID 4420 wrote to memory of 4572	4420	Unicorn-3778.exe	117
PID 4420 wrote to memory of 4572	4420	Unicorn-3778.exe	117
PID 4420 wrote to memory of 4572	4420	Unicorn-3778.exe	117
PID 3252 wrote to memory of 2296	3252	Unicorn-33518.exe	120
PID 3252 wrote to memory of 2296	3252	Unicorn-33518.exe	120
PID 3252 wrote to memory of 2296	3252	Unicorn-33518.exe	120
PID 1588 wrote to memory of 2096	1588	Unicorn-12927.exe	123
PID 1588 wrote to memory of 2096	1588	Unicorn-12927.exe	123
PID 1588 wrote to memory of 2096	1588	Unicorn-12927.exe	123
PID 3272 wrote to memory of 2220	3272	Unicorn-31956.exe	124
PID 3272 wrote to memory of 2220	3272	Unicorn-31956.exe	124
PID 3272 wrote to memory of 2220	3272	Unicorn-31956.exe	124
PID 4992 wrote to memory of 4360	4992	Unicorn-17012.exe	125
PID 4992 wrote to memory of 4360	4992	Unicorn-17012.exe	125
PID 4992 wrote to memory of 4360	4992	Unicorn-17012.exe	125
PID 3796 wrote to memory of 2076	3796	Unicorn-52232.exe	127
PID 3796 wrote to memory of 2076	3796	Unicorn-52232.exe	127
PID 3796 wrote to memory of 2076	3796	Unicorn-52232.exe	127
PID 1428 wrote to memory of 2324	1428	Unicorn-37026.exe	126
PID 1428 wrote to memory of 2324	1428	Unicorn-37026.exe	126
PID 1428 wrote to memory of 2324	1428	Unicorn-37026.exe	126
PID 4572 wrote to memory of 852	4572	Unicorn-3944.exe	131

C:\Users\Admin\AppData\Local\Temp\0c3503c120a8866bb061155d5d098e90N.exe
"C:\Users\Admin\AppData\Local\Temp\0c3503c120a8866bb061155d5d098e90N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
        10⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        11⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45927.exe
        12⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
        13⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        14⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        15⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        16⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        9⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 744
        9⤵
        Program crash
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
        10⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        11⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe
        12⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        13⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        14⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        15⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        16⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        10⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        11⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        12⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        13⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        14⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 624
        9⤵
        Program crash
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 724
        8⤵
        Program crash
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 716
        7⤵
        Program crash
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-971.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        11⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        12⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
        13⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        13⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        14⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        15⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        16⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 744
        9⤵
        Program crash
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6783.exe
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1713.exe
        9⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        10⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        11⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        12⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        13⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        14⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
        15⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        16⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62123.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        9⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        10⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        11⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        12⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        13⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        14⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 752
        7⤵
        Program crash
        
        PID:664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 744
        6⤵
        Program crash
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44246.exe
        11⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        12⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        13⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3867.exe
        14⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        15⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        16⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39408.exe
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45927.exe
        11⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        12⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        13⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        14⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        15⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 664
        10⤵
        Program crash
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        8⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        10⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        11⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12035.exe
        12⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        13⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
        14⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        15⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47131.exe
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        10⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 720
        8⤵
        Program crash
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-177.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        10⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        11⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        12⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        13⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        14⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        15⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        9⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        10⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        12⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
        13⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        14⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        13⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 748
        7⤵
        Program crash
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35782.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        8⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        9⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 636
        10⤵
        Program crash
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22456.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
        10⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
        11⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        12⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
        13⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        14⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        10⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
        11⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
        12⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        13⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        14⤵
        
        PID:632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 724
        8⤵
        Program crash
        
        PID:1716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 752
        6⤵
        Program crash
        
        PID:2292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 708
        5⤵
        Program crash
        
        PID:928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 712
      4⤵
      Program crash
      PID:520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6710.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15195.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2507.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        11⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        12⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10499.exe
        13⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        14⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        15⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
        16⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        15⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        10⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        11⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        12⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31086.exe
        13⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
        14⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        15⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        16⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 696
        13⤵
        Program crash
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
        10⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        11⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        12⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        13⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        14⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        15⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        16⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        11⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        12⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58304.exe
        13⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        14⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        15⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16452.exe
        10⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22072.exe
        11⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        12⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        13⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        14⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        15⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        16⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
        10⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
        11⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        12⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48958.exe
        13⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        14⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        15⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 652
        12⤵
        Program crash
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
        10⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        11⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        9⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22072.exe
        11⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
        12⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34402.exe
        13⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        14⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        15⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        16⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42060.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        11⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        12⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58496.exe
        13⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
        14⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        15⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        16⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
        14⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        15⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        9⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        10⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8169.exe
        11⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        12⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        13⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
        14⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        13⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
        14⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 764
        7⤵
        Program crash
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52886.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53846.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        11⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        12⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
        13⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        14⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        15⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 636
        11⤵
        Program crash
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 644
        10⤵
        Program crash
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        9⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33146.exe
        10⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        11⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        12⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        13⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        14⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        9⤵
        
        PID:852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 716
        8⤵
        Program crash
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        9⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51018.exe
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        11⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29908.exe
        12⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        13⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        14⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
        9⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        10⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        11⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        12⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        13⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        14⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
        15⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        13⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        14⤵
        
        PID:2020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 744
        6⤵
        Program crash
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
        10⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        11⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        12⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        10⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        11⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12035.exe
        12⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        13⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        14⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        15⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        10⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17936.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        12⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        13⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        14⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        15⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 720
        9⤵
        Program crash
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16836.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        9⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        11⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        12⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        13⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 656
        12⤵
        Program crash
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64131.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        11⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        12⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        13⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        14⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
        15⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        10⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        12⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
        13⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        14⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 724
        7⤵
        Program crash
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        9⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24376.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        11⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        12⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        13⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        14⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        15⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        13⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        14⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38448.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        9⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe
        11⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
        12⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        13⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        14⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 664
        12⤵
        Program crash
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 652
        9⤵
        Program crash
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        9⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        10⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        11⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        12⤵
        
        PID:8148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 720
        5⤵
        Program crash
        
        PID:404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 720
        8⤵
        Program crash
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        7⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63275.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        11⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
        12⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
        13⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        14⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        15⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        10⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe
        11⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49376.exe
        12⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54757.exe
        13⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        12⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
        13⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22238.exe
        11⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        12⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
        13⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        14⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        9⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
        9⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        10⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
        11⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        12⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        13⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        14⤵
        
        PID:5272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 740
        6⤵
        Program crash
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        8⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        9⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        10⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        11⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        12⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        13⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        8⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        9⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64718.exe
        10⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        11⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        11⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
        12⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        9⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        10⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        11⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        12⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        13⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        14⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 736
        12⤵
        Program crash
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        8⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        10⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        11⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        12⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
        13⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 636
        10⤵
        Program crash
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 652
        8⤵
        Program crash
        
        PID:5720
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 724
        5⤵
        Program crash
        
        PID:4316
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 664
      4⤵
      Program crash
      PID:3592
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 716
    3⤵
    - Program crash
    PID:1364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26462.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe
        10⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        11⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        12⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        13⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        14⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        15⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 752
        8⤵
        Program crash
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 672
        7⤵
        Program crash
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45491.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37920.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1713.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        11⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
        12⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        13⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        14⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
        15⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        9⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        10⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        11⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        12⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        13⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        14⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        13⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
        14⤵
        
        PID:2448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 740
        6⤵
        Program crash
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65143.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        9⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        10⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        12⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        13⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        14⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        15⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 724
        8⤵
        Program crash
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
        10⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        11⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        12⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        13⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        14⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        8⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
        10⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        11⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        12⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        13⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 712
        8⤵
        Program crash
        
        PID:7840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 748
        6⤵
        Program crash
        
        PID:4504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 736
        5⤵
        Program crash
        
        PID:1972
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 712
      4⤵
      Program crash
      PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24386.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
        8⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        10⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        11⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        12⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        13⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        14⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
        15⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        14⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        15⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39408.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59160.exe
        11⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8143.exe
        12⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        13⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        14⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
        15⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 752
        8⤵
        Program crash
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        10⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        11⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        12⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        13⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        14⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
        9⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        11⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        12⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
        13⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 624
        9⤵
        Program crash
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
        8⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        9⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        11⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
        12⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        13⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        14⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        12⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        13⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 648
        11⤵
        Program crash
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
        9⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        10⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        11⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        12⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        13⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        14⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        7⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        8⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        9⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        10⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
        11⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        12⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        13⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        14⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
        8⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        11⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
        13⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        11⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        12⤵
        
        PID:8096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 736
        6⤵
        Program crash
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        11⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        12⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        13⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
        14⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        15⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        16⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
        14⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        15⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59575.exe
        8⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        10⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        11⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        12⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        13⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 628
        7⤵
        Program crash
        
        PID:4860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 520 -s 748
        6⤵
        Program crash
        
        PID:5824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 740
        5⤵
        Program crash
        
        PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
        8⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
        9⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        10⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        11⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        12⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        13⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        14⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        10⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        11⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        12⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24078.exe
        13⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        8⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        9⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27858.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        11⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        12⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        13⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        14⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        8⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        10⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        11⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
        12⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
        13⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
        11⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        12⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4365.exe
        9⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
        10⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        11⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        12⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        13⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        14⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36218.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        10⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        11⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        12⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60834.exe
        13⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        12⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
        13⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        6⤵
        
        PID:5416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 720
        5⤵
        Program crash
        
        PID:4512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 764
      4⤵
      Program crash
      PID:2764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 720
    3⤵
    - Program crash
    PID:1464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 756
  2⤵
  - Program crash
  PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2952 -ip 2952
1⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3696 -ip 3696
1⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 708 -ip 708
1⤵
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4748 -ip 4748
1⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4656 -ip 4656
1⤵
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5024 -ip 5024
1⤵
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4420 -ip 4420
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3796 -ip 3796
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1428 -ip 1428
1⤵
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4928 -ip 4928
1⤵
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3252 -ip 3252
1⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1588 -ip 1588
1⤵
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4992 -ip 4992
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3272 -ip 3272
1⤵
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2472 -ip 2472
1⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4572 -ip 4572
1⤵
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2296 -ip 2296
1⤵
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2096 -ip 2096
1⤵
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2220 -ip 2220
1⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4360 -ip 4360
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2324 -ip 2324
1⤵
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2076 -ip 2076
1⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3928 -ip 3928
1⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 852 -ip 852
1⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2868 -ip 2868
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3056 -ip 3056
1⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2576 -ip 2576
1⤵
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2448 -ip 2448
1⤵
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1940 -ip 1940
1⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2944 -ip 2944
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 520 -ip 520
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2380 -ip 2380
1⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1996 -ip 1996
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3244 -ip 3244
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4128 -ip 4128
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4036 -ip 4036
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3368 -ip 3368
1⤵
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 3064 -ip 3064
1⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2368 -ip 2368
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4684 -ip 4684
1⤵
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1156 -ip 1156
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2188 -ip 2188
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 404 -ip 404
1⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3548 -ip 3548
1⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 1444 -ip 1444
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2248 -ip 2248
1⤵
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1428 -ip 1428
1⤵
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3268 -ip 3268
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5356 -ip 5356
1⤵
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5052 -ip 5052
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4476 -ip 4476
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4672 -ip 4672
1⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3916 -ip 3916
1⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3840 -ip 3840
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4752 -ip 4752
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1972 -ip 1972
1⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2296 -ip 2296
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2700 -ip 2700
1⤵
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4132 -ip 4132
1⤵
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1136 -ip 1136
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5492 -ip 5492
1⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3972 -ip 3972
1⤵
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4724 -ip 4724
1⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 752 -ip 752
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 976 -ip 976
1⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5416 -ip 5416
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3772 -ip 3772
1⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1872 -ip 1872
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4072 -ip 4072
1⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1148 -ip 1148
1⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1936 -ip 1936
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1168 -ip 1168
1⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3156 -ip 3156
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 3500 -ip 3500
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 632 -ip 632
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1164 -ip 1164
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4892 -ip 4892
1⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5024 -ip 5024
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4668 -ip 4668
1⤵
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4608 -ip 4608
1⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4236 -ip 4236
1⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 852 -ip 852
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4296 -ip 4296
1⤵
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 1636 -ip 1636
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5104 -ip 5104
1⤵
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3508 -ip 3508
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 232 -ip 232
1⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5280 -ip 5280
1⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5256 -ip 5256
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5364 -ip 5364
1⤵
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5692 -ip 5692
1⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5528 -ip 5528
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 1376 -ip 1376
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1176 -ip 1176
1⤵
PID:976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3960 -ip 3960
1⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4140 -ip 4140
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1948 -ip 1948
1⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5652 -ip 5652
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5856 -ip 5856
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5896 -ip 5896
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4320 -ip 4320
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4960 -ip 4960
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5228 -ip 5228
1⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5372 -ip 5372
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2020 -ip 2020
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5788 -ip 5788
1⤵
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5676 -ip 5676
1⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5332 -ip 5332
1⤵
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3056 -ip 3056
1⤵
PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1324 -ip 1324
1⤵
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5532 -ip 5532
1⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5316 -ip 5316
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5184 -ip 5184
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5988 -ip 5988
1⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5836 -ip 5836
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5764 -ip 5764
1⤵
PID:1204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5500 -ip 5500
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5608 -ip 5608
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6052 -ip 6052
1⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5300 -ip 5300
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5876 -ip 5876
1⤵
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3956 -ip 3956
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5448 -ip 5448
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 468 -ip 468
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5612 -ip 5612
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4684 -ip 4684
1⤵
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5932 -ip 5932
1⤵
PID:232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4220 -ip 4220
1⤵
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5816 -ip 5816
1⤵
PID:2508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5644 -ip 5644
1⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 3100 -ip 3100
1⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3312 -ip 3312
1⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1940 -ip 1940
1⤵
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3272 -ip 3272
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 928 -ip 928
1⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 816 -ip 816
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5748 -ip 5748
1⤵
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2584 -ip 2584
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 316 -ip 316
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6124 -ip 6124
1⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5636 -ip 5636
1⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2684 -ip 2684
1⤵
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4636 -ip 4636
1⤵
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 640 -ip 640
1⤵
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 648 -ip 648
1⤵
PID:316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5920 -ip 5920
1⤵
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2292 -ip 2292
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4268 -ip 4268
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5456 -ip 5456
1⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1720 -ip 1720
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 404 -ip 404
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 536 -ip 536
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5428 -ip 5428
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5240 -ip 5240
1⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5968 -ip 5968
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 2340 -ip 2340
1⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 4092 -ip 4092
1⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4480 -ip 4480
1⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 2236 -ip 2236
1⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5436 -ip 5436
1⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5804 -ip 5804
1⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5940 -ip 5940
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6068 -ip 6068
1⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5132 -ip 5132
1⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5976 -ip 5976
1⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1668 -ip 1668
1⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4604 -ip 4604
1⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5740 -ip 5740
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 1540 -ip 1540
1⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2080 -ip 2080
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5892 -ip 5892
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5520 -ip 5520
1⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3064 -ip 3064
1⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5404 -ip 5404
1⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2232 -ip 2232
1⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6480 -ip 6480
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6092 -ip 6092
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1048 -ip 1048
1⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6404 -ip 6404
1⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6528 -ip 6528
1⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6488 -ip 6488
1⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6356 -ip 6356
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6412 -ip 6412
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5312 -ip 5312
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6752 -ip 6752
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4036 -ip 4036
1⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6644 -ip 6644
1⤵
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6636 -ip 6636
1⤵
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5464 -ip 5464
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6608 -ip 6608
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5388 -ip 5388
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 4948 -ip 4948
1⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 208 -ip 208
1⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7080 -ip 7080
1⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6088 -ip 6088
1⤵
PID:384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6204 -ip 6204
1⤵
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 32 -ip 32
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 2892 -ip 2892
1⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6632 -ip 6632
1⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6396 -ip 6396
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 1732 -ip 1732
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6652 -ip 6652
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6544 -ip 6544
1⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6720 -ip 6720
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6592 -ip 6592
1⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1016 -ip 1016
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6548 -ip 6548
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7096 -ip 7096
1⤵
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6340 -ip 6340
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5848 -ip 5848
1⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4072 -ip 4072
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6524 -ip 6524
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 7132 -ip 7132
1⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6740 -ip 6740
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6436 -ip 6436
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6560 -ip 6560
1⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6444 -ip 6444
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5424 -ip 5424
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6852 -ip 6852
1⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5800 -ip 5800
1⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 2720 -ip 2720
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 7120 -ip 7120
1⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6932 -ip 6932
1⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6912 -ip 6912
1⤵
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6200 -ip 6200
1⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6756 -ip 6756
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 2392 -ip 2392
1⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5664 -ip 5664
1⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5408 -ip 5408
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 7140 -ip 7140
1⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 924 -ip 924
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7016 -ip 7016
1⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6376 -ip 6376
1⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5368 -ip 5368
1⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2472 -ip 2472
1⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5960 -ip 5960
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6448 -ip 6448
1⤵
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 3968 -ip 3968
1⤵
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3692 -ip 3692
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7152 -ip 7152
1⤵
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6268 -ip 6268
1⤵
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7088 -ip 7088
1⤵
PID:2044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6944 -ip 6944
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2284 -ip 2284
1⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5908 -ip 5908
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6584 -ip 6584
1⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1136 -ip 1136
1⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1228 -ip 1228
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 7040 -ip 7040
1⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 3696 -ip 3696
1⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5356 -ip 5356
1⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 348 -ip 348
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5296 -ip 5296
1⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5292 -ip 5292
1⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2132 -ip 2132
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5584 -ip 5584
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4512 -ip 4512
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4528 -ip 4528
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4748 -ip 4748
1⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5932 -ip 5932
1⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 1164 -ip 1164
1⤵
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4992 -ip 4992
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3608 -ip 3608
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4628 -ip 4628
1⤵
PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7064 -ip 7064
1⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6048 -ip 6048
1⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 7124 -ip 7124
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6024 -ip 6024
1⤵
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3956 -ip 3956
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6212 -ip 6212
1⤵
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2016 -ip 2016
1⤵
PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5316 -ip 5316
1⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3468 -ip 3468
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4592 -ip 4592
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1784 -ip 1784
1⤵
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5272 -ip 5272
1⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2728 -ip 2728
1⤵
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5928 -ip 5928
1⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 516 -ip 516
1⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5860 -ip 5860
1⤵
PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4236 -ip 4236
1⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4504 -ip 4504
1⤵
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5880 -ip 5880
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 3148 -ip 3148
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5556 -ip 5556
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 3300 -ip 3300
1⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6016 -ip 6016
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4064 -ip 4064
1⤵
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1148 -ip 1148
1⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 7548 -ip 7548
1⤵
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5832 -ip 5832
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 7340 -ip 7340
1⤵
PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4296 -ip 4296
1⤵
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4464 -ip 4464
1⤵
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6032 -ip 6032
1⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7744 -ip 7744
1⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1364 -ip 1364
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7396 -ip 7396
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6824 -ip 6824
1⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2944 -ip 2944
1⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5564 -ip 5564
1⤵
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6620 -ip 6620
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5576 -ip 5576
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 1692 -ip 1692
1⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7388 -ip 7388
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 2572 -ip 2572
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6328 -ip 6328
1⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5600 -ip 5600
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 7332 -ip 7332
1⤵
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2948 -ip 2948
1⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 7640 -ip 7640
1⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4476 -ip 4476
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 8124 -ip 8124
1⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 8152 -ip 8152
1⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7492 -ip 7492
1⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 8184 -ip 8184
1⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7308 -ip 7308
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 8084 -ip 8084
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5460 -ip 5460
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5360 -ip 5360
1⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7232 -ip 7232
1⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 8108 -ip 8108
1⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 8100 -ip 8100
1⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5784 -ip 5784
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 868 -ip 868
1⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 816 -ip 816
1⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 8092 -ip 8092
1⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 4200 -ip 4200
1⤵
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4268 -ip 4268
1⤵
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7868 -ip 7868
1⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7908 -ip 7908
1⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 536 -ip 536
1⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5864 -ip 5864
1⤵
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2968 -ip 2968
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 648 -ip 648
1⤵
PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5472 -ip 5472
1⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 7324 -ip 7324
1⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 1628 -ip 1628
1⤵
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 7348 -ip 7348
1⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3100 -ip 3100
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2236 -ip 2236
1⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 7928 -ip 7928
1⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 7500 -ip 7500
1⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 8116 -ip 8116
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7544 -ip 7544
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 7320 -ip 7320
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 7468 -ip 7468
1⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5328 -ip 5328
1⤵
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6492 -ip 6492
1⤵
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4548 -ip 4548
1⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 8064 -ip 8064
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1080 -ip 1080
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 7452 -ip 7452
1⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5828 -ip 5828
1⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7812 -ip 7812
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4912 -ip 4912
1⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2984 -ip 2984
1⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5640 -ip 5640
1⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 2432 -ip 2432
1⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5616 -ip 5616
1⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3204 -ip 3204
1⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5240 -ip 5240
1⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6864 -ip 6864
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4012 -ip 4012
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3660 -ip 3660
1⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 32 -ip 32
1⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7796 -ip 7796
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 8180 -ip 8180
1⤵
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5352 -ip 5352
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 4760 -ip 4760
1⤵
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 3476 -ip 3476
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7612 -ip 7612
1⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5820 -ip 5820
1⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6936 -ip 6936
1⤵
PID:7648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe

Filesize
184KB

MD5
f058b2e13cbb3ba3cc071c3e607defa3

SHA1
4a1c7d7a5809bd0f39c69103d0cd4f60c190b1f7

SHA256
7d9cc48a711784ea6f5913bdc5ac7f652bc19663f13907ac035d0bcc47bcb5ed

SHA512
6970a2aad19d8d8ae1019650e7c83cffad7fd604969338cd7f5be847cb700be90dac72b6ad0a2f3bf72784853c34d9ccf29aa5766afe7f9c38341c750c6e5998

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe

Filesize
184KB

MD5
0fb65eb8ecbd7770af667ed0063509a9

SHA1
7dda82f8d9238280686aec3098f86b4ed115751f

SHA256
670f29cff9f5ae5a024bdbafa1079e27fee69df69dc0aa9138ecd82402d702fc

SHA512
a24bb06acb7a547f6d2339db3fad443519f2417af72b582a6211e9f3f68150fb97fef5a979900dd64e4e0fe6493ce6a837cbe892c7835e74cc13fe320a7673ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe

Filesize
184KB

MD5
5e62167a76f11fd4a506c9f2ca60211f

SHA1
f870784114061da259e2adfcad7f9b261ad7baf8

SHA256
1ed841a8c63e7c0fb5245857ba5a99a4ed454dabcf579c2242c8af15f8acba8d

SHA512
7af4d831fd2d43ac6842918bdeefee0d1560a501cf3958ddd75e318970011538098aeff48215401b2a5d0efab481a69722e15095bd77dbda31ec5812d85cd8d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe

Filesize
184KB

MD5
95a5d265fffbe8a11a6cdbf698e5134b

SHA1
53093f42626bb902c2475d624b6d1985b6307f7f

SHA256
7b67b43bfd404112d81ba47e85a4c391f17c02795617f050c43f6b7340e9c2e3

SHA512
38149800299eee88d4b685f4af2bf2203a2cea1ad76e2a0c657d2dc93ee4ed4d3e940f95c6528be23cf558c7cf8413e959b7c5109c7f6e70ec6b23088ed55c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe

Filesize
184KB

MD5
cbbd8255a00037640f5f32351941a6d6

SHA1
062edda5da4b9a312721497920f5b7c4009f5825

SHA256
1123bf391d04e85c4a8f5d93da3efdaa548de4efdde32e42bceb5c25da70ac05

SHA512
fff1d0529311e1cc1b9837390716b3d654dd84b2e8614ecb7f7492dc3748b116d387f8586716ced1645853dcc4b4d33b9a2d90309dd94d6103d06e902b5d132f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15195.exe

Filesize
184KB

MD5
3d0ed59c6a1d8b91f056391d28bc6731

SHA1
810f6a6a0691f0031aa0e64f24307f0d7d81d836

SHA256
643c7bfc4f0819a154cf2e4fba680cca1d68f2d82f20238ecec17e831b42dfd2

SHA512
5fd96346d678d22b7e4657b395bc2a52a80e1120bf8487ed6876c2790760cb0e1f9eb9381f947718277b6a30c60cfc1a5df20522268733157ebdb9f9c3263e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe

Filesize
184KB

MD5
22cb8dedfd42b88f745d68039b6d9910

SHA1
3b96cb5a586bf2e7f4021592b3dae052135d993b

SHA256
15e88ad679e259c060a63c5699bdd44e76ec584816a8fe0007bbe15414fc3b02

SHA512
0cd36556043178f9d5b305075d22162bbfef207e971fcd024cdecbb7c3206b760374ff8790edd6c8ae4cc5dbe77e28ca9acbeccc1fc325572c2d0de0958891ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe

Filesize
184KB

MD5
dcb699ce9c6e40c823ba0f1dbf6deaff

SHA1
bbc68e3f2acb3db06e388928f2bfcb1bd9d030a9

SHA256
3d9ddc790ab3e035189cb682058623bb1e1094442d4b7dde557f2dc5629eb6e9

SHA512
d875d66651ca1d316c2b4b51db50c5e0f3f105aed104bbee1e6f2a7ae034144adfcc6bd570db74364c6af2ac5f09d62c1009f7930c371965f3d6b18039c605a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe

Filesize
184KB

MD5
3a1125e473275f7bbf73e73eae102338

SHA1
78f95ef6cb31708edc3ff60ed00d04f6f6946ece

SHA256
97e84cab0e8fa502751f22d048f07541a89b716a4b1203fa29d4274fa30473e8

SHA512
1571119b4e8b4ef3476229faeb7fb2eb7d70820a9c9974745f29d48f676a8b15f47e6e89c7eeec25b7017cbcb9783fe22c4c3a945b93e8586e666361e16cdc99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe

Filesize
184KB

MD5
86ed1a7183ffb47055b2b3f82473e4af

SHA1
29152a0bf91290d02ed0f80565bd0c347eac5145

SHA256
cc3697cd3182601ddf139a64a69f2cf6b8f8412c9a70e645359df648b8b7b42d

SHA512
1e92520ded54e26d963515b1fc98a3dddb8aabb2d8f4c13b44d6b2b58a472ff769bd042bfdda2852c4b2e85f6934d22bc0869e7e6380f4f75e42fb15cb0af562

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe

Filesize
184KB

MD5
e0f7e2c328b9c688fea01df1391d9641

SHA1
33b39bb2d208297fd3a381cfe1e5a4bfd02c28c3

SHA256
21899b8c35846d7bb1edf11bc22f54ffc174c5acab2fc00e187756a34a5e283c

SHA512
5d583ddb00a6d443d7e23113b020c2a0e9d790027fab18aea26c9d9b41e58d546b45295f6dc4aa0f63be08fcb2d65f6c220dc732458ce4062d1271ac128baaeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24386.exe

Filesize
184KB

MD5
2d25273e99ca1a2af036ed591b1f92fb

SHA1
fe72853a5ba2bdf1c0783237e24f592f690fc712

SHA256
9ef08f42c75365393539689acf2d4bc8d22ad102df60790e7b8de675bf603fe1

SHA512
0c1930c3ca7acff163d3f0fac45c6f0e3d60a5b2a81ae2eda20665299fc8f60f67785d2f0e36de5ab54d299432d0f7d33b22da5c832fa20d3e40f07da796100f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe

Filesize
184KB

MD5
4926125b7a85835e75a69d13dcc83110

SHA1
bb36dc53fbb772b2aadcafbe2ebf5a3575ff22c2

SHA256
22d14c275c6719d887ab77db60a15ecb11cc0880e0c92807b6aef539590017f8

SHA512
b0b754462012c4f3ec71c6bc226a94b92ca1f80fd120a4d92cdc7cf2937c46aa9f1a12d2ba4b2808c60fc8872e76569944b3fd2b7b17a7b12ad1969b559fad6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe

Filesize
184KB

MD5
f8a07c086eb3cdf14baa79ca1ac25b34

SHA1
5c0a40eee94707fcd1d895319974e0dcb7c1ef09

SHA256
55411261f1776399164f5a9c01920ea25ca5ceecccaeb3fad1904a8a43bc64db

SHA512
2fb7bd8e345302f42117f7ebd439bae99d92a498f8260438f09e65a59f4a64673abbdbdb77a371fdd5e29131f7cce6911c8b9df1f999cc5c0885d161fb82d54e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe

Filesize
184KB

MD5
dc229f2b437b64caa5c21a8a3ca87704

SHA1
6f44110cf3eaf2bcc0ad82b4b373b25966e08341

SHA256
daefe98e301379b2f84ca39371a2dd00aef5921125fe68767414d6106d3b4278

SHA512
fd1974351ac37952fecc11b526634bf37eff7cdcb7029b54da95cb574528f02f88ec4109f028e06b25445fbc141a63496b8ec1c0af6189828b3806fb946eab44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe

Filesize
184KB

MD5
e8e3d284dd62734a31cd8175be1dfe2e

SHA1
5001662ec79aa2383bb064dd7eb03fd3b3aaddcc

SHA256
6c27401054ced2c6efa77cd41e3939b0abf5258d7df1f7b0f9f6c58c2e84950b

SHA512
ab2da4f614a7612e835c1444821c91ee8974ad5d5a4942df700f2710f9e25aa421e4fe82eec5f88c290009d44fe5942d03a02d1a870af92d4540ea43edf85d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe

Filesize
184KB

MD5
c101a08ac2002d7576ac8547892e808e

SHA1
80cedfe82f2ef363e7e92b515d0570642def34f5

SHA256
40c0c880176a8a1bdc64d5d3ecdd44ce336abe14a6077563ccd51ce71039e7e0

SHA512
7ba71013792dc13b72acc30a0f7378b52394f0f9e31992772dfd5884e3b2f8f77e36849ea987e650ba73bffd30d6aef27b5eefa95773911e6d7a7685dc6f6258

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe

Filesize
184KB

MD5
715e0c373c2efac7ccd7fe935b510764

SHA1
a9f91a9beef57cb02a63e88cae59f3d67212ceac

SHA256
a40340c965eaf8bfeb9b5faa65a6fc158899b248e1a284c49a9e55be8c8ecb60

SHA512
acbe43b1892c0cd2464b9f324e8a8bff30a1a129daedc6b04e6a51b414ebc527a7e422805232e72ebdb98f7972806ac8d497211713dd8e37455d78605778f35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe

Filesize
184KB

MD5
4140822fc87fb89c3111ecc4351fc1d4

SHA1
3ecf8fbb00569e01801c062edaba6c4956a0d238

SHA256
fc93ebabcd0f908e60ee9b60fd59b1c2a823ef9232f06576c585b17158bd1862

SHA512
c79accb1822a0544256381c62248c9ce4ba44360eb699d608731a02ac51168238509a8d40ef8c20944bd6b7d6d6bb00df0e7362353590cec7ca98533272b1cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe

Filesize
184KB

MD5
19af2379a8cd97c5f693ab304d7c17b9

SHA1
c747ea02e5996698f19688e0d9bf43ab5f56c849

SHA256
fb236d8c38d2e68bb6053987eff2d6e013336f13bb6f4d072756f042b804f59b

SHA512
59b18d5bc58115903a9b0a2d51d135325d157e5505101a3fc82755ac8a7cf58eff3e4bcc1494e5cc880686583a3a4c21db785ca6ea39a27498a1545449a85508

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe

Filesize
184KB

MD5
ba0d7a3f0236b3134600b156e2d948d9

SHA1
531e4b01109ccd1dde1bc7f259130cacf0344ee9

SHA256
2f33b21ad2cd9553b10fc18a8118dff07f2d78e2e0f9ce30e1da84abd3f04c3a

SHA512
6a171c0128d1e29b21fbfbf89e0a97434651d21d5de2eb55bb77f18a6217a587ca4e3dcd57ddab4af87cdd564528cf1901db3b4c2bab31a9b1c4485bf52d0722

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe

Filesize
184KB

MD5
3bce41a2dc998578408bef26b40a6ae2

SHA1
74e361d01e735c9f7b3e553867e249b31788c757

SHA256
f737c3756be290ce6d643779d1ff009db3ac990103e5ec47270d652313db06b0

SHA512
6274f0f788e48d62b93a6540624ac4551810ab5bacbaf1614c80fe17fe83e3b6246395309aa1dbc353b4af7c61fce547a2832e8baeb8dec2c14e6d85e07ea0aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe

Filesize
184KB

MD5
e944d7b723df60b48b46cbfcdeb7b539

SHA1
f787bdadc98c0f0356e559d4ec04235061f26910

SHA256
84a7c703ad6a32b80b71e48dc4184e9f96a4c192ec869a6b128f0ab35396cbc7

SHA512
3decf9a1f74902d24c4ef251fb56e967359fc3c87e5aebe86370b66235db16526583619d2ccdfeadab99660bd75a5108f6e2251842606678fb99c1dfe7a82c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe

Filesize
184KB

MD5
824491799373e15e47e6e99753284640

SHA1
4fc6b0da6202b6d6c4ac77f24e7d05be321b0718

SHA256
f7fef019d70b9c7fdfbae8641e000d0695b664a78c23919bcb4ce441484b522d

SHA512
a05deb074f92f44f47735c0cde470b78e7c4b0124dab4aa301b717c35e08a98e7b350d901139fd2df33f243282f6c345f09cccee519eea581d5ee62df053054e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe

Filesize
184KB

MD5
ba45ad445980fc10a02a878c18780404

SHA1
53bdddd450445c85480725cc4965bf8457e0b709

SHA256
22b1ec1b2c81511d51261e58ee6de2d8520ab71c4acb196e6096dacd7044fd91

SHA512
58e3d244bc1745315153060172e8b4962d8de5d5c515d2c489b97099229d4d4565e32962a0d364f3469309938af306baabf3965c224f3e420b1995934f466f3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe

Filesize
184KB

MD5
7ba87229ac0f2c97c5c2835f44b3942a

SHA1
642f8d88bbdaccc5d746a3782e3cb103573c3009

SHA256
52aa16adc60bd6258e4b81c4bdd10a315250b7d585ccce75251040676d427a3f

SHA512
abf1831f516a354524e3c93084beaedc8b8373a2f15475205e97001949d12ea26fb08371fe6e79966cac4fe6e1f7a296d16c2bd44fae635603a3791d9e6a5305

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe

Filesize
184KB

MD5
6e54b0fb5d3cfe89356dd60b8b0e0c6e

SHA1
931dffbc9f870cfc94255644594fe870f71a77a9

SHA256
58ff82455c47b2ec6c5fb7434ab440121073ec34d751d9b50ba09f7c17f1a6fb

SHA512
ab339f79ae49b58c3ad61aeffd05bf9294c9af1fb1de21b46f5678e73f2a48971f9ee6e3b66da693299726d124ecf6525d0aef681fa5013189601e4da7e42891

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe

Filesize
184KB

MD5
697e005c125713c7c510db4e4942fa8a

SHA1
7dd1dd63ea289973947eea6e3df9a1518991ea0d

SHA256
c51f21b27dbb55dbc0e2cb7a4959823236b2f7afbba63901da96cbf9be8be8f9

SHA512
af5c462035e55638d1c5618d0249aff9431510f8cd2898be2c0a2148e94cfef2d977895b39707f3cd530d2e5fb1bd9125240cbd06dcdcf20e874b55b60fc998e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe

Filesize
184KB

MD5
814fb190e2402dcca356a4422d12fb34

SHA1
fd22b75fc14fae1fc3f411d12338320da0bee9b6

SHA256
257fbf3c21ed88642d3a69bbc6521d8f22cde8551a3f85b5c7532cba0333c029

SHA512
996bdd6f1a72a77bd66f852d8eb74e13eb87620bf926e991192af4556e7811160960f52f6a54a4305e1445d2a82b4bc1b063fa2b0d810442a59e8b29df03cb4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe

Filesize
184KB

MD5
e7149e7bb45378ed7413b1a50e73c0d1

SHA1
4a7766b114a57921a9f5951ea0db1098d4724eb5

SHA256
12a2546806829fcf71dbdbbb5d7f07eaad2a711e4111a2e1b446f5d7bd5502cc

SHA512
7b3302af4f2d60f9c7629ee3975e56f98aa112d2e1b0c142e7efc4d3efd2a4055431dccf3ff4e1e4e17b9de8a7704620e65ac02bcc6151b6712dc456853b32f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65143.exe

Filesize
184KB

MD5
9d7c61b88acd25d74cf8c6a56230ff11

SHA1
2da6519f2798b49e59045b2cf2e6353e34c064c2

SHA256
18f7248464961290641d8ddbef49b0fd77937c53b3d69e3080a1c181dac06d75

SHA512
acb23ddf0a498434688075826b5d45c39bc8addacf108596c3a13ada9c16cbd09dbb15cb9faf82fe3cf5a6e09275f8be7d59c000596f6f227fa27aea7c646639

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6710.exe

Filesize
184KB

MD5
ff9b16d865ffc8206bd2dc7c8b359cd5

SHA1
06f789dafd31fd54904cb342553b9296e7cad7a0

SHA256
c643ed5688b866587f43d6bcdade3c9e28db0300838fcdf6641e7bbb515a6159

SHA512
a33f5d051054ca93f50ce40449e86314d1b12b5e54729071f1309d011d788a9a0d96783f1e48ff9d977f4a19669e6305f8b502a78d6d6f7d7147c97a86462385

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe

Filesize
184KB

MD5
6799ad931036e9351e4ee7a293eeaee1

SHA1
4fe4d4df281f628a8b9c81b57a3b06780f3af3c3

SHA256
e9126eb667a54709a7d52ef345182a43be6b1ea4f85a2eed1f2bef98c609c22f

SHA512
146ea5fecc5fd9cde83d76d0abcb9f92ee0b49d1b9264d32c02e014052b8f0d8088d5d3caef381eed78682203f7f0f1be7a79801a52572a579fd990063e96be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe

Filesize
184KB

MD5
8228fe9068f730308dfee07271ef0e62

SHA1
7aaedb1db524591de6d36498efb74d2d47cd7b70

SHA256
f2b49a3eee8effee7268c060425839ff78387d4c8c51d93ea4d9c7846fc0ff97

SHA512
de9de04bced02d4fc9a65098b6f89b70a9453f436c8ef123e9ca93707c9235586deab4ed085137ee90df0220f521d796ae7aa738d8fef18569d5f206dbccb93d

Download Submit