ba173e8ad66cba70df6e88b88d3306ab0b4e32551f651312b78b9290bdae813e

Analysis

max time kernel
120s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70d52c345829ee3324c592ad2b5ce1f0N.exe
Size

184KB
MD5

70d52c345829ee3324c592ad2b5ce1f0
SHA1

1103172a0199ddc122cdf3840cbef7a22efaccbf
SHA256

ba173e8ad66cba70df6e88b88d3306ab0b4e32551f651312b78b9290bdae813e
SHA512

5b840f7fcf8933c5032e99ef6215bcb79ea6942a65e30ee861a8cd730254263f96bb1fae780aec98f08116977d76bfa96b65a70fc96d2ec68b45f660c57aefb0
SSDEEP

3072:d9U9ZToH8VrCdOd4kds/8NoailvhqnxFuo:d9soeuOdG82ail5qnxFu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
824	Unicorn-8833.exe
4636	Unicorn-22290.exe
3064	Unicorn-51049.exe
4204	Unicorn-38738.exe
3548	Unicorn-6257.exe
1788	Unicorn-51929.exe
4780	Unicorn-25682.exe
4156	Unicorn-25874.exe
3444	Unicorn-25874.exe
2036	Unicorn-21768.exe
644	Unicorn-5121.exe
4876	Unicorn-1592.exe
5016	Unicorn-7809.exe
2820	Unicorn-7809.exe
3524	Unicorn-20616.exe
4288	Unicorn-4280.exe
4148	Unicorn-57202.exe
2704	Unicorn-23861.exe
700	Unicorn-21592.exe
1392	Unicorn-23093.exe
3360	Unicorn-9937.exe
2752	Unicorn-10129.exe
3880	Unicorn-10129.exe
4632	Unicorn-58754.exe
1536	Unicorn-58754.exe
3300	Unicorn-6024.exe
2924	Unicorn-4945.exe
4348	Unicorn-18136.exe
1480	Unicorn-5137.exe
4648	Unicorn-59525.exe
3320	Unicorn-6795.exe
4556	Unicorn-25509.exe
3452	Unicorn-5835.exe
532	Unicorn-27813.exe
4024	Unicorn-11476.exe
1788	Unicorn-11476.exe
4164	Unicorn-44533.exe
4824	Unicorn-44533.exe
4068	Unicorn-40427.exe
3032	Unicorn-40427.exe
1960	Unicorn-40427.exe
4808	Unicorn-40427.exe
2428	Unicorn-23397.exe
4460	Unicorn-2955.exe
5104	Unicorn-55877.exe
4964	Unicorn-52348.exe
2168	Unicorn-39157.exe
1500	Unicorn-6292.exe
4064	Unicorn-51964.exe
2184	Unicorn-8596.exe
544	Unicorn-8020.exe
1096	Unicorn-53692.exe
5056	Unicorn-48773.exe
2312	Unicorn-15909.exe
2268	Unicorn-15909.exe
1976	Unicorn-48965.exe
4060	Unicorn-32629.exe
4904	Unicorn-65301.exe
3188	Unicorn-61196.exe
3524	Unicorn-61196.exe
856	Unicorn-12379.exe
2404	Unicorn-37371.exe
2332	Unicorn-40133.exe
1496	Unicorn-39099.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4368	3064	WerFault.exe	93
4504	3064	WerFault.exe	93
856	4204	WerFault.exe	95
3196	1788	WerFault.exe	97
3368	3548	WerFault.exe	96
4852	4204	WerFault.exe	95
3580	3548	WerFault.exe	96
2168	1788	WerFault.exe	97
4168	2036	WerFault.exe	103
2380	4156	WerFault.exe	101
2268	3444	WerFault.exe	102
3228	2036	WerFault.exe	103
4300	4156	WerFault.exe	101
1504	3444	WerFault.exe	102
3440	2820	WerFault.exe	112
4168	4148	WerFault.exe	115
4484	5016	WerFault.exe	111
3064	3524	WerFault.exe	113
4840	2820	WerFault.exe	112
2036	4148	WerFault.exe	115
2852	3524	WerFault.exe	113
3444	5016	WerFault.exe	111
3440	700	WerFault.exe	129
2236	3360	WerFault.exe	131
2380	1392	WerFault.exe	130
5024	700	WerFault.exe	129
1972	3300	WerFault.exe	136
4720	3360	WerFault.exe	131
1212	4632	WerFault.exe	134
2864	3300	WerFault.exe	136
3736	4632	WerFault.exe	134
1392	4348	WerFault.exe	150
3856	4348	WerFault.exe	150
1204	3320	WerFault.exe	153
4412	3452	WerFault.exe	155
5168	4904	WerFault.exe	203
5188	4068	WerFault.exe	163
5964	1960	WerFault.exe	161
5944	1788	WerFault.exe	158
6088	4164	WerFault.exe	159
2624	3320	WerFault.exe	153
3112	2168	WerFault.exe	185
5228	4964	WerFault.exe	184
6092	2184	WerFault.exe	188
5736	5104	WerFault.exe	183
6944	544	WerFault.exe	190
6804	3524	WerFault.exe	205
7028	2268	WerFault.exe	199
3152	1496	WerFault.exe	227
7212	3256	WerFault.exe	240
7676	5232	WerFault.exe	268
8012	3300	WerFault.exe	250
7900	5288	WerFault.exe	270
8632	3256	WerFault.exe	240
5912	2116	WerFault.exe	337
8804	5668	WerFault.exe	285
9212	5600	WerFault.exe	282
8848	5296	WerFault.exe	305
8960	5956	WerFault.exe	326
9508	8156	WerFault.exe	510
9668	6040	WerFault.exe	327
11248	2236	WerFault.exe	575
10148	2052	WerFault.exe	342
11020	316	WerFault.exe	352

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	70d52c345829ee3324c592ad2b5ce1f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11476.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3504	70d52c345829ee3324c592ad2b5ce1f0N.exe
824	Unicorn-8833.exe
4636	Unicorn-22290.exe
3064	Unicorn-51049.exe
4204	Unicorn-38738.exe
1788	Unicorn-51929.exe
3548	Unicorn-6257.exe
4780	Unicorn-25682.exe
4156	Unicorn-25874.exe
3444	Unicorn-25874.exe
2036	Unicorn-21768.exe
644	Unicorn-5121.exe
4876	Unicorn-1592.exe
2820	Unicorn-7809.exe
3524	Unicorn-20616.exe
5016	Unicorn-7809.exe
4148	Unicorn-57202.exe
4288	Unicorn-4280.exe
2704	Unicorn-23861.exe
700	Unicorn-21592.exe
1392	Unicorn-23093.exe
3360	Unicorn-9937.exe
3880	Unicorn-10129.exe
4632	Unicorn-58754.exe
2752	Unicorn-10129.exe
1536	Unicorn-58754.exe
3300	Unicorn-6024.exe
2924	Unicorn-4945.exe
4348	Unicorn-18136.exe
1480	Unicorn-5137.exe
4648	Unicorn-59525.exe
3320	Unicorn-6795.exe
4556	Unicorn-25509.exe
3452	Unicorn-5835.exe
4024	Unicorn-11476.exe
1788	Unicorn-11476.exe
532	Unicorn-27813.exe
4824	Unicorn-44533.exe
4164	Unicorn-44533.exe
4808	Unicorn-40427.exe
1960	Unicorn-40427.exe
4068	Unicorn-40427.exe
3032	Unicorn-40427.exe
2428	Unicorn-23397.exe
4460	Unicorn-2955.exe
5104	Unicorn-55877.exe
4964	Unicorn-52348.exe
2168	Unicorn-39157.exe
4064	Unicorn-51964.exe
1500	Unicorn-6292.exe
2184	Unicorn-8596.exe
544	Unicorn-8020.exe
1096	Unicorn-53692.exe
5056	Unicorn-48773.exe
2268	Unicorn-15909.exe
2312	Unicorn-15909.exe
1976	Unicorn-48965.exe
4060	Unicorn-32629.exe
4904	Unicorn-65301.exe
856	Unicorn-12379.exe
3188	Unicorn-61196.exe
3524	Unicorn-61196.exe
2404	Unicorn-37371.exe
2332	Unicorn-40133.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 824	3504	70d52c345829ee3324c592ad2b5ce1f0N.exe	89
PID 3504 wrote to memory of 824	3504	70d52c345829ee3324c592ad2b5ce1f0N.exe	89
PID 3504 wrote to memory of 824	3504	70d52c345829ee3324c592ad2b5ce1f0N.exe	89
PID 824 wrote to memory of 4636	824	Unicorn-8833.exe	92
PID 824 wrote to memory of 4636	824	Unicorn-8833.exe	92
PID 824 wrote to memory of 4636	824	Unicorn-8833.exe	92
PID 3504 wrote to memory of 3064	3504	70d52c345829ee3324c592ad2b5ce1f0N.exe	93
PID 3504 wrote to memory of 3064	3504	70d52c345829ee3324c592ad2b5ce1f0N.exe	93
PID 3504 wrote to memory of 3064	3504	70d52c345829ee3324c592ad2b5ce1f0N.exe	93
PID 4636 wrote to memory of 4204	4636	Unicorn-22290.exe	95
PID 4636 wrote to memory of 4204	4636	Unicorn-22290.exe	95
PID 4636 wrote to memory of 4204	4636	Unicorn-22290.exe	95
PID 3064 wrote to memory of 3548	3064	Unicorn-51049.exe	96
PID 3064 wrote to memory of 3548	3064	Unicorn-51049.exe	96
PID 3064 wrote to memory of 3548	3064	Unicorn-51049.exe	96
PID 824 wrote to memory of 1788	824	Unicorn-8833.exe	97
PID 824 wrote to memory of 1788	824	Unicorn-8833.exe	97
PID 824 wrote to memory of 1788	824	Unicorn-8833.exe	97
PID 4204 wrote to memory of 4780	4204	Unicorn-38738.exe	100
PID 4204 wrote to memory of 4780	4204	Unicorn-38738.exe	100
PID 4204 wrote to memory of 4780	4204	Unicorn-38738.exe	100
PID 3548 wrote to memory of 4156	3548	Unicorn-6257.exe	101
PID 3548 wrote to memory of 4156	3548	Unicorn-6257.exe	101
PID 3548 wrote to memory of 4156	3548	Unicorn-6257.exe	101
PID 1788 wrote to memory of 3444	1788	Unicorn-51929.exe	102
PID 1788 wrote to memory of 3444	1788	Unicorn-51929.exe	102
PID 1788 wrote to memory of 3444	1788	Unicorn-51929.exe	102
PID 3064 wrote to memory of 2036	3064	Unicorn-51049.exe	103
PID 3064 wrote to memory of 2036	3064	Unicorn-51049.exe	103
PID 3064 wrote to memory of 2036	3064	Unicorn-51049.exe	103
PID 4780 wrote to memory of 644	4780	Unicorn-25682.exe	109
PID 4780 wrote to memory of 644	4780	Unicorn-25682.exe	109
PID 4780 wrote to memory of 644	4780	Unicorn-25682.exe	109
PID 4204 wrote to memory of 4876	4204	Unicorn-38738.exe	110
PID 4204 wrote to memory of 4876	4204	Unicorn-38738.exe	110
PID 4204 wrote to memory of 4876	4204	Unicorn-38738.exe	110
PID 4156 wrote to memory of 5016	4156	Unicorn-25874.exe	111
PID 4156 wrote to memory of 5016	4156	Unicorn-25874.exe	111
PID 4156 wrote to memory of 5016	4156	Unicorn-25874.exe	111
PID 3444 wrote to memory of 2820	3444	Unicorn-25874.exe	112
PID 3444 wrote to memory of 2820	3444	Unicorn-25874.exe	112
PID 3444 wrote to memory of 2820	3444	Unicorn-25874.exe	112
PID 1788 wrote to memory of 3524	1788	Unicorn-51929.exe	113
PID 1788 wrote to memory of 3524	1788	Unicorn-51929.exe	113
PID 1788 wrote to memory of 3524	1788	Unicorn-51929.exe	113
PID 3548 wrote to memory of 4288	3548	Unicorn-6257.exe	114
PID 3548 wrote to memory of 4288	3548	Unicorn-6257.exe	114
PID 3548 wrote to memory of 4288	3548	Unicorn-6257.exe	114
PID 2036 wrote to memory of 4148	2036	Unicorn-21768.exe	115
PID 2036 wrote to memory of 4148	2036	Unicorn-21768.exe	115
PID 2036 wrote to memory of 4148	2036	Unicorn-21768.exe	115
PID 644 wrote to memory of 2704	644	Unicorn-5121.exe	128
PID 644 wrote to memory of 2704	644	Unicorn-5121.exe	128
PID 644 wrote to memory of 2704	644	Unicorn-5121.exe	128
PID 4780 wrote to memory of 700	4780	Unicorn-25682.exe	129
PID 4780 wrote to memory of 700	4780	Unicorn-25682.exe	129
PID 4780 wrote to memory of 700	4780	Unicorn-25682.exe	129
PID 4876 wrote to memory of 1392	4876	Unicorn-1592.exe	130
PID 4876 wrote to memory of 1392	4876	Unicorn-1592.exe	130
PID 4876 wrote to memory of 1392	4876	Unicorn-1592.exe	130
PID 2820 wrote to memory of 3360	2820	Unicorn-7809.exe	131
PID 2820 wrote to memory of 3360	2820	Unicorn-7809.exe	131
PID 2820 wrote to memory of 3360	2820	Unicorn-7809.exe	131
PID 4148 wrote to memory of 2752	4148	Unicorn-57202.exe	132

C:\Users\Admin\AppData\Local\Temp\70d52c345829ee3324c592ad2b5ce1f0N.exe
"C:\Users\Admin\AppData\Local\Temp\70d52c345829ee3324c592ad2b5ce1f0N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23861.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        10⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        12⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        13⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
        14⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        14⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        13⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 636
        12⤵
        Program crash
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 632
        11⤵
        Program crash
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        10⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        11⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
        12⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        13⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        14⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        13⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        12⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        13⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2955.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42930.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
        12⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
        13⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        14⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        14⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
        12⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
        13⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 724
        12⤵
        Program crash
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
        11⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        12⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        13⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe
        13⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31221.exe
        11⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        12⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11220.exe
        13⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        13⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
        11⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        10⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        11⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
        12⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        12⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
        11⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        12⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        10⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39381.exe
        11⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
        12⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
        13⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56933.exe
        14⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        14⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
        13⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        12⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe
        13⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47788.exe
        13⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
        11⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 772
        11⤵
        Program crash
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        11⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        12⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        13⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        14⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
        13⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        12⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        11⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe
        12⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        11⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
        12⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        13⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        13⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        12⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        11⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        12⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
        13⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        12⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
        10⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        11⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        12⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31717.exe
        13⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        12⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55509.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        11⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        12⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        13⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        14⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        13⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        12⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
        11⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        12⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        12⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        11⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        12⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        12⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        11⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        9⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        10⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        11⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
        12⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        13⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        11⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        12⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        10⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        11⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        11⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 724
        9⤵
        Program crash
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 720
        8⤵
        Program crash
        
        PID:1392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 720
        8⤵
        Program crash
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21592.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
        11⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        12⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        13⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        14⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        14⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        13⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        12⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        13⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        11⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42789.exe
        12⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        13⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
        12⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 748
        11⤵
        Program crash
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        10⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        10⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        11⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        12⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        13⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        13⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        10⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        11⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        12⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        12⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        11⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 624
        9⤵
        Program crash
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24299.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        10⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
        10⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        11⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
        12⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        12⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        11⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 656
        10⤵
        Program crash
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        9⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
        10⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        11⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53042.exe
        12⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        12⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        11⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        10⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        9⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        10⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        11⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        12⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
        11⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
        12⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        12⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14715.exe
        9⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
        10⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        11⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        12⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        12⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
        10⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        11⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        11⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe
        9⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        10⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        11⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        12⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        11⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        9⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        11⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        10⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 724
        8⤵
        Program crash
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 716
        7⤵
        Program crash
        
        PID:3440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 716
        7⤵
        Program crash
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39157.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60117.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        10⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        11⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        11⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        12⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27349.exe
        13⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
        13⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        12⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        11⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
        12⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        13⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        14⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
        13⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        12⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
        11⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        12⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        12⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9051.exe
        10⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        11⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        12⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        12⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        11⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 768
        9⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13428.exe
        9⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        11⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
        12⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        12⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22843.exe
        10⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        11⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        11⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 724
        9⤵
        Program crash
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 724
        9⤵
        Program crash
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24699.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        9⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 708
        7⤵
        Program crash
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        10⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25285.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        12⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        13⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        11⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
        10⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        11⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        11⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        9⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        10⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        12⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        12⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
        11⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        10⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
        11⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        10⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        11⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        12⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        11⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        9⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-116.exe
        10⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 632
        11⤵
        Program crash
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2875.exe
        10⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9051.exe
        9⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        10⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        11⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        12⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        11⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        10⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
        11⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        8⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        9⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        10⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        11⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        11⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        10⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 716
        7⤵
        Program crash
        
        PID:1204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 748
        7⤵
        Program crash
        
        PID:2624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 724
        5⤵
        Program crash
        
        PID:856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 724
        5⤵
        Program crash
        
        PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25509.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24699.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
        11⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        12⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        13⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        13⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        11⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        10⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        11⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
        12⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        12⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 616
        9⤵
        Program crash
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61804.exe
        9⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        10⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
        11⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        12⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        11⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        10⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        11⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 744
        10⤵
        Program crash
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10724.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
        10⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        11⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        13⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        14⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        13⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        12⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        11⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
        12⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        10⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        11⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        12⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
        12⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52476.exe
        11⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 640
        10⤵
        Program crash
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        9⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        10⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        11⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        12⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        12⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        8⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        9⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        10⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        11⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
        11⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        11⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        11⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        10⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        10⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 740
        7⤵
        Program crash
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 740
        7⤵
        Program crash
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61804.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        9⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
        10⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
        11⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37051.exe
        11⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
        10⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 740
        8⤵
        Program crash
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61804.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        9⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        10⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        11⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        11⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        10⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21003.exe
        9⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        10⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5515.exe
        10⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 724
        7⤵
        Program crash
        
        PID:4412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 696
        6⤵
        Program crash
        
        PID:3440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 752
        6⤵
        Program crash
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        9⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        10⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        11⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
        12⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        10⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        11⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        7⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        9⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
        10⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        11⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        10⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        10⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        8⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        9⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
        10⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2107.exe
        9⤵
        
        PID:940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 628
        6⤵
        Program crash
        
        PID:1972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 628
        6⤵
        Program crash
        
        PID:2864
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 744
        5⤵
        Program crash
        
        PID:2268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 784
        5⤵
        Program crash
        
        PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        9⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        10⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        11⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        10⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        9⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        10⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27397.exe
        9⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        10⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        11⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        10⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        9⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        8⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        9⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        10⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        10⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        8⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        9⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        10⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        9⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        6⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        8⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        9⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        10⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        9⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        8⤵
        
        PID:5964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 720
        6⤵
        Program crash
        
        PID:5964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 652
        5⤵
        Program crash
        
        PID:3064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 656
        5⤵
        Program crash
        
        PID:2852
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 716
      4⤵
      Program crash
      PID:3196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 716
      4⤵
      Program crash
      PID:2168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
        11⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        12⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        13⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        14⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        13⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
        12⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        13⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42299.exe
        10⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        11⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 624
        12⤵
        Program crash
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 716
        10⤵
        Program crash
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18363.exe
        9⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        10⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        11⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
        12⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        13⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        12⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        11⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
        12⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 748
        9⤵
        Program crash
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        10⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        11⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        12⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        11⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 656
        8⤵
        Program crash
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54757.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        10⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23365.exe
        11⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        12⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        12⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        11⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        9⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        10⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        11⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
        10⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        9⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        10⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        10⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 632
        8⤵
        Program crash
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 724
        8⤵
        Program crash
        
        PID:5168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 652
        6⤵
        Program crash
        
        PID:4484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 624
        6⤵
        Program crash
        
        PID:3444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 608
        5⤵
        Program crash
        
        PID:2380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 644
        5⤵
        Program crash
        
        PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
        8⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        9⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27973.exe
        10⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        11⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51116.exe
        11⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        10⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        9⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        10⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        11⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        11⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21323.exe
        10⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29077.exe
        10⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        11⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        10⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        9⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        10⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        11⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        11⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        10⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
        11⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21298.exe
        10⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        11⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 672
        9⤵
        Program crash
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9819.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
        9⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        10⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        10⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 468
        11⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        9⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        10⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 720
        7⤵
        Program crash
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32645.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        9⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        10⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56933.exe
        11⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        11⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        10⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
        9⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        10⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47653.exe
        11⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        8⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        10⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
        11⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        10⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        9⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
        10⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
        9⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        8⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        9⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        9⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 632
        8⤵
        Program crash
        
        PID:9668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 628
        6⤵
        Program crash
        
        PID:1212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 628
        6⤵
        Program crash
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54444.exe
        9⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11220.exe
        10⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
        8⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        8⤵
        
        PID:8896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 740
      4⤵
      Program crash
      PID:3368
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 740
      4⤵
      Program crash
      PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        9⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
        10⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        11⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        12⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        11⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        10⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        11⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        9⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
        10⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        10⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        9⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21298.exe
        10⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        9⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        10⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        10⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38229.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        10⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        11⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
        12⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11.exe
        11⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        10⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        9⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        10⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        11⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35963.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        10⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        9⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28933.exe
        9⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        11⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        10⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        10⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        9⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        7⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        9⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        10⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        11⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        11⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        8⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        9⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        10⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        11⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        9⤵
        
        PID:3060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 668
        6⤵
        Program crash
        
        PID:5188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 636
        5⤵
        Program crash
        
        PID:4168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 636
        5⤵
        Program crash
        
        PID:2036
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 736
      4⤵
      Program crash
      PID:4168
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 736
      4⤵
      Program crash
      PID:3228
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 740
    3⤵
    - Program crash
    PID:4368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 556
    3⤵
    - Program crash
    PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3064 -ip 3064
1⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3064 -ip 3064
1⤵
PID:2132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4204 -ip 4204
1⤵
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3548 -ip 3548
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1788 -ip 1788
1⤵
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4204 -ip 4204
1⤵
PID:2464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3548 -ip 3548
1⤵
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1788 -ip 1788
1⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 2036 -ip 2036
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4156 -ip 4156
1⤵
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3444 -ip 3444
1⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2036 -ip 2036
1⤵
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4156 -ip 4156
1⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3444 -ip 3444
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2820 -ip 2820
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3524 -ip 3524
1⤵
PID:412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4148 -ip 4148
1⤵
PID:1204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5016 -ip 5016
1⤵
PID:640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2820 -ip 2820
1⤵
PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4148 -ip 4148
1⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3524 -ip 3524
1⤵
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5016 -ip 5016
1⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 700 -ip 700
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1392 -ip 1392
1⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3360 -ip 3360
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 700 -ip 700
1⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3300 -ip 3300
1⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1536 -ip 1536
1⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1536 -ip 1536
1⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4632 -ip 4632
1⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3360 -ip 3360
1⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3880 -ip 3880
1⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1392 -ip 1392
1⤵
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2752 -ip 2752
1⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3880 -ip 3880
1⤵
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2752 -ip 2752
1⤵
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3300 -ip 3300
1⤵
PID:792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4632 -ip 4632
1⤵
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4348 -ip 4348
1⤵
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4348 -ip 4348
1⤵
PID:1204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3320 -ip 3320
1⤵
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3452 -ip 3452
1⤵
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4904 -ip 4904
1⤵
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4068 -ip 4068
1⤵
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4824 -ip 4824
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 3032 -ip 3032
1⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 1960 -ip 1960
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4824 -ip 4824
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1788 -ip 1788
1⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4164 -ip 4164
1⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 532 -ip 532
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 3032 -ip 3032
1⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 1960 -ip 1960
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 1788 -ip 1788
1⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4164 -ip 4164
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 532 -ip 532
1⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 3452 -ip 3452
1⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 3320 -ip 3320
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4068 -ip 4068
1⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4964 -ip 4964
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2184 -ip 2184
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5104 -ip 5104
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4964 -ip 4964
1⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2168 -ip 2168
1⤵
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 2184 -ip 2184
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5104 -ip 5104
1⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 1096 -ip 1096
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4060 -ip 4060
1⤵
PID:1368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1096 -ip 1096
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 544 -ip 544
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4060 -ip 4060
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3524 -ip 3524
1⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 544 -ip 544
1⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2268 -ip 2268
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5056 -ip 5056
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2312 -ip 2312
1⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 856 -ip 856
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 2332 -ip 2332
1⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2168 -ip 2168
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 1976 -ip 1976
1⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5056 -ip 5056
1⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 2312 -ip 2312
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 2332 -ip 2332
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1976 -ip 1976
1⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 856 -ip 856
1⤵
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 412 -ip 412
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 1496 -ip 1496
1⤵
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 412 -ip 412
1⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5232 -ip 5232
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 3964 -ip 3964
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 3256 -ip 3256
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3880 -ip 3880
1⤵
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4272 -ip 4272
1⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3432 -ip 3432
1⤵
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 3840 -ip 3840
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5684 -ip 5684
1⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5232 -ip 5232
1⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 7092 -ip 7092
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 4888 -ip 4888
1⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 3524 -ip 3524
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3964 -ip 3964
1⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 4272 -ip 4272
1⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3432 -ip 3432
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 3880 -ip 3880
1⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5780 -ip 5780
1⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2268 -ip 2268
1⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3840 -ip 3840
1⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1368 -ip 1368
1⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5100 -ip 5100
1⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 4888 -ip 4888
1⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6160 -ip 6160
1⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 1748 -ip 1748
1⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 5160 -ip 5160
1⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5288 -ip 5288
1⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 1368 -ip 1368
1⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5100 -ip 5100
1⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 4972 -ip 4972
1⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3300 -ip 3300
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6056 -ip 6056
1⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6160 -ip 6160
1⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2156 -ip 2156
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5316 -ip 5316
1⤵
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6100 -ip 6100
1⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 1748 -ip 1748
1⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5780 -ip 5780
1⤵
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 2324 -ip 2324
1⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5496 -ip 5496
1⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5160 -ip 5160
1⤵
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5288 -ip 5288
1⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4972 -ip 4972
1⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 1496 -ip 1496
1⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5772 -ip 5772
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2156 -ip 2156
1⤵
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5316 -ip 5316
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6056 -ip 6056
1⤵
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5644 -ip 5644
1⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6048 -ip 6048
1⤵
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6100 -ip 6100
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5732 -ip 5732
1⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 2324 -ip 2324
1⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5496 -ip 5496
1⤵
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6008 -ip 6008
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5408 -ip 5408
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 2116 -ip 2116
1⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1628 -ip 1628
1⤵
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 3256 -ip 3256
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5772 -ip 5772
1⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5352 -ip 5352
1⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 232 -ip 232
1⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5644 -ip 5644
1⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6048 -ip 6048
1⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5732 -ip 5732
1⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3060 -ip 3060
1⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6008 -ip 6008
1⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5304 -ip 5304
1⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5704 -ip 5704
1⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1628 -ip 1628
1⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5480 -ip 5480
1⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5408 -ip 5408
1⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5600 -ip 5600
1⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 2116 -ip 2116
1⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5352 -ip 5352
1⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 232 -ip 232
1⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3060 -ip 3060
1⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5304 -ip 5304
1⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5704 -ip 5704
1⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5668 -ip 5668
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5296 -ip 5296
1⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5480 -ip 5480
1⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3300 -ip 3300
1⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6064 -ip 6064
1⤵
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6368 -ip 6368
1⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5964 -ip 5964
1⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5956 -ip 5956
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 5572 -ip 5572
1⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 8056 -ip 8056
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 8156 -ip 8156
1⤵
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5296 -ip 5296
1⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 6064 -ip 6064
1⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5964 -ip 5964
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6368 -ip 6368
1⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5032 -ip 5032
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5956 -ip 5956
1⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5572 -ip 5572
1⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 8056 -ip 8056
1⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5512 -ip 5512
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 8156 -ip 8156
1⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5804 -ip 5804
1⤵
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5508 -ip 5508
1⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5600 -ip 5600
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5212 -ip 5212
1⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5032 -ip 5032
1⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5456 -ip 5456
1⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5512 -ip 5512
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5800 -ip 5800
1⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5436 -ip 5436
1⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3560 -ip 3560
1⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5804 -ip 5804
1⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6040 -ip 6040
1⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5860 -ip 5860
1⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 5508 -ip 5508
1⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5212 -ip 5212
1⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5800 -ip 5800
1⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5436 -ip 5436
1⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5472 -ip 5472
1⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2160 -ip 2160
1⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5456 -ip 5456
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6040 -ip 6040
1⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3560 -ip 3560
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6168 -ip 6168
1⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5424 -ip 5424
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6732 -ip 6732
1⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5792 -ip 5792
1⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5860 -ip 5860
1⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2832 -ip 2832
1⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5472 -ip 5472
1⤵
PID:1056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 2160 -ip 2160
1⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5136 -ip 5136
1⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5668 -ip 5668
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 2236 -ip 2236
1⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5424 -ip 5424
1⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6384 -ip 6384
1⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5056 -ip 5056
1⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6204 -ip 6204
1⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5200 -ip 5200
1⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6812 -ip 6812
1⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6500 -ip 6500
1⤵
PID:2384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2168 -ip 2168
1⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6436 -ip 6436
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5388 -ip 5388
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5868 -ip 5868
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5792 -ip 5792
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6168 -ip 6168
1⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6732 -ip 6732
1⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5204 -ip 5204
1⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2052 -ip 2052
1⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5160 -ip 5160
1⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2832 -ip 2832
1⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6216 -ip 6216
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5204 -ip 5204
1⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2308 -ip 2308
1⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5136 -ip 5136
1⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 316 -ip 316
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6212 -ip 6212
1⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6264 -ip 6264
1⤵
PID:1344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 6508 -ip 6508
1⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6644 -ip 6644
1⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6724 -ip 6724
1⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 640 -ip 640
1⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6500 -ip 6500
1⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6528 -ip 6528
1⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6436 -ip 6436
1⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2168 -ip 2168
1⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 4060 -ip 4060
1⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5388 -ip 5388
1⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5524 -ip 5524
1⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5868 -ip 5868
1⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5160 -ip 5160
1⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 8148 -ip 8148
1⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6216 -ip 6216
1⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 7080 -ip 7080
1⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 8000 -ip 8000
1⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2308 -ip 2308
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 7500 -ip 7500
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 8092 -ip 8092
1⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 3604 -ip 3604
1⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 528 -ip 528
1⤵
PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6264 -ip 6264
1⤵
PID:1344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6080 -ip 6080
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 3472 -ip 3472
1⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6176 -ip 6176
1⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6184 -ip 6184
1⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6916 -ip 6916
1⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6516 -ip 6516
1⤵
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6524 -ip 6524
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 1204 -ip 1204
1⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6208 -ip 6208
1⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6192 -ip 6192
1⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 7100 -ip 7100
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6392 -ip 6392
1⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6696 -ip 6696
1⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6688 -ip 6688
1⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6616 -ip 6616
1⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5300 -ip 5300
1⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7140 -ip 7140
1⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6660 -ip 6660
1⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6508 -ip 6508
1⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6212 -ip 6212
1⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6876 -ip 6876
1⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 7240 -ip 7240
1⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 3364 -ip 3364
1⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6724 -ip 6724
1⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 6644 -ip 6644
1⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 5904 -ip 5904
1⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 640 -ip 640
1⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6528 -ip 6528
1⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6108 -ip 6108
1⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6552 -ip 6552
1⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5156 -ip 5156
1⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6600 -ip 6600
1⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5668 -ip 5668
1⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5524 -ip 5524
1⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6360 -ip 6360
1⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6984 -ip 6984
1⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 4060 -ip 4060
1⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6996 -ip 6996
1⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 8148 -ip 8148
1⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 7176 -ip 7176
1⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 7080 -ip 7080
1⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7224 -ip 7224
1⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 7592 -ip 7592
1⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 8092 -ip 8092
1⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 3604 -ip 3604
1⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 528 -ip 528
1⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6080 -ip 6080
1⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 9128 -ip 9128
1⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6184 -ip 6184
1⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7684 -ip 7684
1⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 3472 -ip 3472
1⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6176 -ip 6176
1⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6740 -ip 6740
1⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 6916 -ip 6916
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 7580 -ip 7580
1⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 6524 -ip 6524
1⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6516 -ip 6516
1⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 7564 -ip 7564
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1204 -ip 1204
1⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 7128 -ip 7128
1⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 7060 -ip 7060
1⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6208 -ip 6208
1⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 1936 -ip 1936
1⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7100 -ip 7100
1⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 6192 -ip 6192
1⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 6392 -ip 6392
1⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6856 -ip 6856
1⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5844 -ip 5844
1⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 7192 -ip 7192
1⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 7164 -ip 7164
1⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6612 -ip 6612
1⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6616 -ip 6616
1⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6688 -ip 6688
1⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6696 -ip 6696
1⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5196 -ip 5196
1⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 7132 -ip 7132
1⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5300 -ip 5300
1⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7056 -ip 7056
1⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 8304 -ip 8304
1⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 8772 -ip 8772
1⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 7944 -ip 7944
1⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 7140 -ip 7140
1⤵
PID:13168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe

Filesize
184KB

MD5
9b2248220ae519b8f0bd490d21559ef0

SHA1
f2190c8f64a02118f6dd3db0ef3325fdcb2934ae

SHA256
d79e0b75efcfd36b71f5ff608cf92462fa5b6e30ee3966ddafbfd57ca72d17d6

SHA512
9e34316fda87e73b386c2601b281645da2ea87da2e1a0be9e54900740f1e1f6a61ca6dc2284faba2f26274b461ac0459d0d9ba2e03104648748ab1e77a64704f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe

Filesize
184KB

MD5
64182a2f8bf87463ba5a8694d7037bd6

SHA1
442eb7add28c0742d154a9b518e511bd4141dce6

SHA256
a33c648f28f1f81a70d5dedc8059b0fefca70c9c53d3dc2046ae2aeb2309eea3

SHA512
0b30ad648cc015efdd4c074701fe0394b3e1eb0d74ac0f3c82145d94c93a41497b01b8d10e6105a564078244555a98b4b38af8fb43e49053c97067841cf6616c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe

Filesize
184KB

MD5
631cb3772cf85b47e3e6982c9f71c5ec

SHA1
56f21ba5bdd22a3913de6ce1e497bf51a857f7eb

SHA256
37fe59b885fdb082b3729d084d817f5ef1df6e30ec145026fc3e1314c25639a8

SHA512
ed9beb31bbb0d42094ab7e8558d6e7f0f72e80df3d197a35db943357718cf3834be69d9dc623f3c50203e764480a78c6fe1372c4ac989829a05050febc1a9ac1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe

Filesize
184KB

MD5
7b264aa8f2c7d9759bb91b49b290c6c4

SHA1
9a07349a06d392dcb9615e411162728380b4ced5

SHA256
d5f569040e2307cf972827eb63a11e0fadbd0a4ce5f84cba37b4de0e10eaeef2

SHA512
b6e697ba3b5aea82329714505397e4db9b3ecfbf9fa14f76542aaa1d165c5180144b1e991128d8b2d274c2b003a711f1c48b9889356ea3acde5ebfbfe1372600

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe

Filesize
184KB

MD5
d294d94e21bb3fe6c9e8b3e17d131bf5

SHA1
c2582ff4bbcb3073702deb2b2097270670000e0a

SHA256
53a9e83dc99f2fce07d777a2564b2fed0ecb5573ac3586f35577061ac1ca8037

SHA512
048eb0db7ecea963eddb674c8e1f8ab6f6322aa09696a4607234bfca4cd9e5b10af6df22a37cc7401438cb3eb8193dd95ebe645a81e2b7c1d74358a38a09afd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21592.exe

Filesize
184KB

MD5
e4c43000ec2823dda2a817157e607beb

SHA1
be2e86a6d8476b7b67635d67059b682fbe1deddc

SHA256
14f3295d9c6de23233e71c24bd2a36d8e52d4ec42965220c1fca248768914664

SHA512
0c341e5632123f534f57c5680987ce2919a7d3eba32fea4192a7cc5fe65d548b7b96698b0bf4c85461fda0ffc04db8333ae5f4523ca79d112f6112a198d67085

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe

Filesize
184KB

MD5
7d75114127800fc42a079de5ea8625ed

SHA1
79847b06854de8b908da1fa0bf25efda56f54a7a

SHA256
d5e7c623520eb348348abba625d75b9b451850fb8efb2bcaf5de5813ee783557

SHA512
4f1a81f0f30e64be6f3d8ca0bf52f9357d963913bbdf5b01e15c8b89e5194025eb966271b8423cb0ea610ee042f8eecc2651d33dc25ada7b6a30cac2c39f19e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe

Filesize
184KB

MD5
d5d7bf026fbf3d02d202f79e3d5e5082

SHA1
ef772b9125df9e4b1fb9834d2006ebbe0e457386

SHA256
5ef1af83e2d9a5687660c86a8929121b04bc6fbac657e59bb1f4746f405c7810

SHA512
b73532388ac8ce3d5ce436ea1e6bbfa3932a42bd6e9c93062235a9c6cf9b05d8cef007e065678c47a962f2078e46f9f37f2fcdc827549ca9a4a8dae084f13120

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe

Filesize
184KB

MD5
83a1991baa41a69c69665ff4f0c379e7

SHA1
7902631fecc3d8660bfc2388b231812016cf7b21

SHA256
89fcc766bdd4c9bb12bf174bca92ae4a5e9db0652d8470aa4b3d741492bc37d5

SHA512
18efce8caad85d3e99e52b2b82150253f4f4f31196d53b5df1aaa05c10960c83d23e4f2253b75524a93912bdaacd04d52b80ba340b37acf35a5112754a7196de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23861.exe

Filesize
184KB

MD5
ca114f230ae64091a3db59ce1e86310c

SHA1
40ebfd8507ea60a7cad3df455c7a68c686dfa89c

SHA256
2aa4a23892e8d060d6c8041044eca2f2922c555e04017a78782e60a2e5959de8

SHA512
854fc860cb444843c5703b42eeca070bc7a1028835c3d263f5e905f483f69d3bca786801b8ce9802bf155f2c134de47b8fb13b0ebe42869ff0d3fc1c760355d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25509.exe

Filesize
184KB

MD5
3a8ff8323b69dc4b615a6035645e828e

SHA1
f35c6a7263866f095a2f48a02032394a6c7f9cb5

SHA256
6a8d2e77fd49aed2e3a1d297077204e3bc971a9eeb5d5b834b9ddfdcd7429f62

SHA512
3646bfced13cd8a3992e2114f24569352b9b2067e5f4173f409d8e5614e7f35b332158138b1c526dfd9f1370b6651f7ea94fcb6cd2e437b1f000ca4ea80aa13b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe

Filesize
184KB

MD5
f2e0b21c41f4b0bd4640774d0e8a5694

SHA1
047801a7c14c7d3e087c502683b31013b1921cc7

SHA256
cba6d8156e2d6f538522040da15b44ce09b054d464091a1a7ff4d99a9a83d9c4

SHA512
add5722ae2881c96c09be2daab4674f21b1784c8014c5ee731eb38a7557436a338a28c6eafbfd5b69389151889fb620e6e316df80745de26dc2cf58243f85084

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe

Filesize
184KB

MD5
c3413a339a368d40ebd96174f74a4a6c

SHA1
e3764dc28f6dd9532077b9e8c3fda134d65b0511

SHA256
231d33936b0eeb132a3d5be27039bbc14d52081db6ad46c692f356cc2483ad50

SHA512
ca59deac3ef0f79fb4788bd2972544d9b95c9c16a11a166f95fd4f88692e6883d26c4f0b1a6cd74e2b3a5ae025a63cac3a209c866f4974de89b98bb981b6a950

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe

Filesize
184KB

MD5
ec1aa70f483cb158b6d4a92a0b707d08

SHA1
0f5bf8ec5b5d65c3d64e665eac1c3f1f4d504fc1

SHA256
97a4106c69b2ab520b3dcfd8d56f3fa91ce98d65fccb80bad55662d74e8081e6

SHA512
43fa9f93d038fbe4f895ee154945347a37b4e5db43ca9c877ad02141b4588fcba43cd15d7ec6d8c1167f06ce3c43bfae53d15b89a6db43a591230bd0e6ffa473

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe

Filesize
184KB

MD5
dc2d96dd2ac4d529098e729fbab11d40

SHA1
d01024964ef2b1a6232a6c59719d94361eb19b31

SHA256
6979c0ad93bc92238a1ac150c32089baf5494419b97e335d6b7c3254ce7da5e3

SHA512
69d12c17a071ab63692d6fe20b4081d353c1f582557eeaee4d37a4a5e6422c2601b93842f22871bc35e7b27036207b85157d6966fa1da992c47eac745baad671

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe

Filesize
184KB

MD5
38e0e4d6c493444bae498f48bd6d2519

SHA1
e8294a85985a27b877b967f965b6519260f5ce87

SHA256
fdd2142b4cd3f5e4185afb3b57a2f65901779c91d3122c554fb8fa4321471c7c

SHA512
b27596284ac356c33c01fb2616ad3bf38807dd37887f63cb6af3c47165c9ed60d512b2fd2d2b29be435748cbba7bc87a336c33d5568ee87b99001fe9b0936f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe

Filesize
184KB

MD5
490b94419014c4f13f0dfa553eb3b645

SHA1
d8c77ff8b8a39b550d03f890c0a8d9b1ca15351a

SHA256
4a07b739d57a29ab4bdb7b38ee089264941ceb8465df8dde7e2c16ab485f838c

SHA512
f3c58a41e752460115a3b6c0f1b68f5aeabd65ee0cb83a57b98b304d526826113bb57dec541c47de4cfdb86b5401eb45f5c053b39b6474748e68908a4d537b00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe

Filesize
184KB

MD5
d5dd0ab4c5cb287934bba22b8754484d

SHA1
858a33a314bf5cf426508e27c2efe0cb0959c3e7

SHA256
087699597262c73eaf55f7c5d018b437cef4eae9ccef1f3a17e93804b9cbc4d6

SHA512
114f0926291198d4dbce71fcfcc7a77dcb9c65770100b0b7cb79686469bb0e5accd4526c0b55caefcba89d2a2583519d365f6a20e3ce980b3ee4ca9931b0eb78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe

Filesize
184KB

MD5
da820e6c7bfb1e83fcdc9a2cb545571a

SHA1
9c94d72a717c6f8f606b5548c6f2b2bfe58b03fb

SHA256
4012cfd0fd98c36701384258223ce3cb36f2255fb3a2bdf36beea6032f51ceb2

SHA512
6ef2e0f087ed1a4032ef801423e0d6bbfe60617c4aa25b28e5b7fc9614a2792a724b11152094fb0f220c57a432aba3178c3abe94b8ed1a86339d16528f371fa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe

Filesize
184KB

MD5
cd801f3d196539efce048b18eddf1822

SHA1
2d99893b87d32a540af570c6d023c1828e8cdc84

SHA256
4cfcfc538b63de8acd88ec08dcd096da97c5cad629086a7c3dcee2a949760871

SHA512
4c7999e0591f9e3e86f804e4e009c47fa555d6a5740429f40ed943fa92fc9e580d5ce883f822df1859679e55833a04b395d942b70dd92dc45633d4f1c23bb731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe

Filesize
184KB

MD5
67a40550fe812558523879273f86d052

SHA1
39d7ee76875b5cc61aac3ab8afdc19f467b0536a

SHA256
4f336bef26f3f650804a245766b9a656c02ab3cd7c3bb55c225191fc1e8ca4ba

SHA512
78b2b19b71911473e0e843259befa06f0d9c15788dfa6a3987f12be80279cea77ebfe16937065fbc1a5a6205f378fcdbbfa65459df8c83f3f2704e61325f39f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe

Filesize
184KB

MD5
4d11e4f10c97e2812a8e3aebc829175f

SHA1
6de7742d40526db95e14724052a72fcf7c113fc9

SHA256
45825c851e65f41ae878cc1d7dfe8375258c68749e35f253b036501e8219d8b6

SHA512
2a0e38fe6f4c43c9675b914c53c41cb64d8f479ee9c1e0bad81477440a68ca7e5045f3bf095b46e21f4ea1420c0fefe3adde3be05483b48ec57cc039669b3d15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe

Filesize
184KB

MD5
a4943e971d1c4de7b0fe3336f5761fe0

SHA1
01d9a5d15832560eff9b1c709fb8eaccc6527cfc

SHA256
eb312f75e1899c176c60abeaf2484e59f1e50d38dfcfd4157584a47d8fac3e61

SHA512
0b783f11385de652659e5d44cafbcaf4e46a5278f2ac88a22180975ef5bbe8f6d30f6a999e57c0798657a0f9fa8030bd52ab8b7f8205b8c5b3dc694e4e6cf9fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe

Filesize
184KB

MD5
62256b65cbb720317727d7ee2658a41b

SHA1
c12604942c6dd9dded945e1d06696448fedc7cea

SHA256
fade61a0d4e5ebb631686b5269a8f4f14ed843e20870f42808e1add302ba1737

SHA512
cc836306ce7f2760156c10dd7dc1ccd94bc7d5ed42ae83047d3605bf9289bfb0d2894f2c96f983f634c59aded54b85574f2d96d55cfa085aa192e8c642a834a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe

Filesize
184KB

MD5
d235c1bbc25ca75a7ea1c85a8458dc21

SHA1
a5161a67f12a6c773b6e7e9d58f235e3a232c888

SHA256
6cc5f081af3be53d6841a20ed4ffa2e3bcfa8de607b2eee41781d7729204e9fd

SHA512
0895c047719acad11927a83e2134cf4d495d9000caf3cfe061001a78501b7594bc59946c622d5a5c10f358ec01cd612e68f29636f059d76aae85dadfa82a30d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe

Filesize
184KB

MD5
8f241977451530111bbf34b6bdb600b9

SHA1
b5ddb50b65e96b4d19f435d4d86138e7b16ac11c

SHA256
7a618e197027f2ca46ba51d5e1e2784f53dbf54cb5285c8f0c7d22afbc0684fb

SHA512
48bab099626139ad1ab1546fe97d115d9411cb48565bd12b82df94712405198416774715d1dc72cc6983695caf6af14dff92fe505755fb29971df051186bd64d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe

Filesize
184KB

MD5
fbffed33996d5863673315f005ca7578

SHA1
78b7c17c820e1f8899fe80764156a0c09b7e3346

SHA256
ef1f6151db6d1a2eac9159b81fac04dd3073f964e1120e9eaa29b94d4931f159

SHA512
9d5addee9aeba71ac87091a6f63a6486f0778287974967da05190bf0b9497e40a82c63673c0f33340b4038fdac9a3c7e194400d03cd2753146c36ab62b5d9d61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe

Filesize
184KB

MD5
29fc61a5c4a8e46859470b47ef9ac9da

SHA1
1c15d6d41b75424e12388a08b49623a814b7a139

SHA256
c6832c813d35c1d7800a61974a0009155a5c37ecc8866223b9fdabffd0b75382

SHA512
380c6900a5c1aeb71149e65e64fbb6f001e7afc684838cfea1e9eeba244a690b71a2b671472a8485f41c9dea3b775834d7750ac1428b2ef210599ab745555133

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe

Filesize
184KB

MD5
68ff493124cbed1afbfb85d0660c42da

SHA1
c01d5d63a6aa806e2e5bc2b2d7585f8c57742de7

SHA256
a2636cdbbb07df71224fa6511e28e40b3a41d622647489a20ee43151619d8e0f

SHA512
bb70c2902b80724d18b6bbeb771d7b16eafcbb55908ebcd4e6f4047ed2a7f54c176f84303359c99e54e6ae6a965220fff210526601dfa5762b0ab6d6978c3fa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe

Filesize
184KB

MD5
9da524e5d7c885290347e47df2f3fa41

SHA1
51f9a245af88f4323ba68e560d55d94e536c7446

SHA256
16126101c2f14d9f7842c99266b5aa9353c1a676a55d3e0352bdaaa4566ba92a

SHA512
cbd2d4914720b6aae6e6cc927683266a5c27d1587e5ff9022597e2e1a77d60ad8e60213fdcdb811b89c022e51dc1d76547df4364aeed6bd598702a6d2ce7d259

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe

Filesize
184KB

MD5
ae0c7e1e5347cb9027798366ccc771ac

SHA1
d0e487eebbcdc7408da528da4efe4716430a964f

SHA256
a3249506ec4eec0005e523404fe0ede656582d66c194a9511832015ae90723d4

SHA512
205f88ec320346eb64ef8e26273fe778f6160549a49213273d2a67eaccaba5ca12c84bf928396f7c64d5add53cc0d17596ff3c6e8b6d808a13fcf2cf98f8c407

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe

Filesize
184KB

MD5
9202a65558686effc8a54bc1c49fca8f

SHA1
84b4dddeee0e7e13cc59709303a9dadaa0c4070d

SHA256
eee7bd414a6bf457cee92154c79b84c3545b8c71625ba97501998d15022bee78

SHA512
ec2b51b93e1e2c961c9c5d78695bf42d7f2476ab08f1a4c6e61aeaee1fd76a0e5c55e5d700084688fad0d18d2a082ac57c4551d89344e13525b418177535566c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe

Filesize
184KB

MD5
bac25d65c160f6d2e5b2378d7c53d58c

SHA1
6273e44c74bba3adc374070a194696692cd758f1

SHA256
68553377858bbe3f93e3e4bd23b6d751124f16fe97064f4b4b7578f5255814bb

SHA512
896c913f37d4bf47b8495041c15c5f52cd32a436a179e57c3120ffa979d0d90c6aa8f6e77501dd37dff5624be08972e11a76ea2913f221b4a437d9910999764e

Download Submit
memory/2052-2444-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6500-1838-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6732-1777-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17388-2769-0x00007FFD25960000-0x00007FFD259B9000-memory.dmp

Filesize
356KB

Download