5129e2005656c3fb0dc2ce79930d1d83ea75be258adea1b44ccafea9e57a0733

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f244c7ff2b944048ad712b4d65141560N.exe
Size

468KB
MD5

f244c7ff2b944048ad712b4d65141560
SHA1

f073c4e40458df224ab9aa6b4fc11b4c44e8e9ec
SHA256

5129e2005656c3fb0dc2ce79930d1d83ea75be258adea1b44ccafea9e57a0733
SHA512

c0cd9ace273806f4352197401eba923571c7dd217b9e71375ef2eb09ebfc0bbcc85be0c85ee91f6ddf71c16cced32d6438c073d9fc64ec74a7f7f6b3e096e54c
SSDEEP

3072:iOAoogIdId5CtbYiYztjcf8/SCtvPIpqhmHeLVUiQS78J6CPBzlD:iObowbCtNYJjcfs0qxQSoUCPB

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 35 IoCs

pid	Process
1128	Unicorn-61432.exe
2888	Unicorn-30644.exe
3512	Unicorn-2610.exe
4960	Unicorn-30016.exe
3360	Unicorn-26678.exe
1084	Unicorn-46544.exe
1140	Unicorn-40414.exe
2076	Unicorn-45688.exe
2380	Unicorn-53856.exe
3528	Unicorn-47726.exe
4780	Unicorn-50135.exe
4880	Unicorn-46051.exe
836	Unicorn-24884.exe
872	Unicorn-20534.exe
1888	Unicorn-47800.exe
2336	Unicorn-53399.exe
4336	Unicorn-3451.exe
1192	Unicorn-40208.exe
3444	Unicorn-52460.exe
3944	Unicorn-52460.exe
2056	Unicorn-54521.exe
2852	Unicorn-7151.exe
800	Unicorn-27307.exe
4956	Unicorn-65075.exe
4260	Unicorn-37970.exe
2612	Unicorn-29300.exe
4420	Unicorn-30046.exe
3148	Unicorn-55148.exe
3428	Unicorn-7793.exe
4856	Unicorn-9647.exe
4600	Unicorn-26730.exe
2488	Unicorn-62740.exe
5040	Unicorn-7426.exe
4024	Unicorn-15615.exe
3040	Unicorn-64624.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1332	4960	WerFault.exe	103
3168	4960	WerFault.exe	103
4740	1084	WerFault.exe	105
1540	1084	WerFault.exe	105
2256	3512	WerFault.exe	101
1040	4780	WerFault.exe	113
3060	4780	WerFault.exe	113
3500	3512	WerFault.exe	101
1616	800	WerFault.exe	133
1428	836	WerFault.exe	115
4348	2852	WerFault.exe	132
4076	2056	WerFault.exe	131
4064	2056	WerFault.exe	131
644	836	WerFault.exe	115
1852	2852	WerFault.exe	132
2156	800	WerFault.exe	133
5624	4968	WerFault.exe	154
1852	3924	WerFault.exe	163
5652	4780	WerFault.exe	159
6136	3432	WerFault.exe	185
6312	5288	WerFault.exe	194
6232	5936	WerFault.exe
4580	5660	WerFault.exe	202
6772	4780	WerFault.exe	159
6476	5004	WerFault.exe	174
6676	5936	WerFault.exe	213
6960	5128	WerFault.exe	240
632	2476	WerFault.exe	230
1836	224	WerFault.exe	238
2184	6664	WerFault.exe	329
5856	6948	WerFault.exe	370
9220	5312	WerFault.exe	365
3936	6776	WerFault.exe	367
9288	5612	WerFault.exe	199
4504	7160	WerFault.exe	284
1764	5712	WerFault.exe	345
6396	7912	WerFault.exe	405
8636	5444	WerFault.exe	239
2724	6344	WerFault.exe	325
6280	6156	WerFault.exe	318
9592	7200	WerFault.exe	380
9836	7524	WerFault.exe	400
8768	3552	WerFault.exe	182
5936	5928	WerFault.exe	212
9808	6904	WerFault.exe	341
9540	7468	WerFault.exe	396
12096	6500	WerFault.exe	327
10808	6940	WerFault.exe	363
11908	5244	WerFault.exe	241
4344	5520	WerFault.exe	225
12016	7424	WerFault.exe	393
11900	4976	WerFault.exe	376
3604	5488	WerFault.exe	224
13044	7268	WerFault.exe	483
12964	6560	WerFault.exe	497
13184	5576	WerFault.exe	366
13300	6380	WerFault.exe	476
12504	7372	WerFault.exe	390
12444	6436	WerFault.exe	466
4496	6684	WerFault.exe	477
12480	5124	WerFault.exe	374
11884	6444	WerFault.exe	265
3056	5180	WerFault.exe	189
6824	3624	WerFault.exe	223

System Location Discovery: System Language Discovery 1 TTPs 36 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f244c7ff2b944048ad712b4d65141560N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7151.exe

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
4444	f244c7ff2b944048ad712b4d65141560N.exe
1128	Unicorn-61432.exe
2888	Unicorn-30644.exe
3512	Unicorn-2610.exe
3360	Unicorn-26678.exe
4960	Unicorn-30016.exe
1084	Unicorn-46544.exe
1140	Unicorn-40414.exe
2076	Unicorn-45688.exe
2380	Unicorn-53856.exe
836	Unicorn-24884.exe
872	Unicorn-20534.exe
4880	Unicorn-46051.exe
3528	Unicorn-47726.exe
4780	Unicorn-50135.exe
1888	Unicorn-47800.exe
2336	Unicorn-53399.exe
4336	Unicorn-3451.exe
1192	Unicorn-40208.exe
3444	Unicorn-52460.exe
3944	Unicorn-52460.exe
2852	Unicorn-7151.exe
2056	Unicorn-54521.exe
4260	Unicorn-37970.exe
4956	Unicorn-65075.exe
800	Unicorn-27307.exe
2612	Unicorn-29300.exe
4420	Unicorn-30046.exe
3428	Unicorn-7793.exe
3148	Unicorn-55148.exe
4856	Unicorn-9647.exe
4600	Unicorn-26730.exe
2488	Unicorn-62740.exe
5040	Unicorn-7426.exe
4024	Unicorn-15615.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 1128	4444	f244c7ff2b944048ad712b4d65141560N.exe	94
PID 4444 wrote to memory of 1128	4444	f244c7ff2b944048ad712b4d65141560N.exe	94
PID 4444 wrote to memory of 1128	4444	f244c7ff2b944048ad712b4d65141560N.exe	94
PID 1128 wrote to memory of 2888	1128	Unicorn-61432.exe	100
PID 1128 wrote to memory of 2888	1128	Unicorn-61432.exe	100
PID 1128 wrote to memory of 2888	1128	Unicorn-61432.exe	100
PID 4444 wrote to memory of 3512	4444	f244c7ff2b944048ad712b4d65141560N.exe	101
PID 4444 wrote to memory of 3512	4444	f244c7ff2b944048ad712b4d65141560N.exe	101
PID 4444 wrote to memory of 3512	4444	f244c7ff2b944048ad712b4d65141560N.exe	101
PID 2888 wrote to memory of 4960	2888	Unicorn-30644.exe	103
PID 2888 wrote to memory of 4960	2888	Unicorn-30644.exe	103
PID 2888 wrote to memory of 4960	2888	Unicorn-30644.exe	103
PID 1128 wrote to memory of 3360	1128	Unicorn-61432.exe	104
PID 1128 wrote to memory of 3360	1128	Unicorn-61432.exe	104
PID 1128 wrote to memory of 3360	1128	Unicorn-61432.exe	104
PID 3512 wrote to memory of 1084	3512	Unicorn-2610.exe	105
PID 3512 wrote to memory of 1084	3512	Unicorn-2610.exe	105
PID 3512 wrote to memory of 1084	3512	Unicorn-2610.exe	105
PID 4444 wrote to memory of 1140	4444	f244c7ff2b944048ad712b4d65141560N.exe	106
PID 4444 wrote to memory of 1140	4444	f244c7ff2b944048ad712b4d65141560N.exe	106
PID 4444 wrote to memory of 1140	4444	f244c7ff2b944048ad712b4d65141560N.exe	106
PID 3360 wrote to memory of 2076	3360	Unicorn-26678.exe	109
PID 3360 wrote to memory of 2076	3360	Unicorn-26678.exe	109
PID 3360 wrote to memory of 2076	3360	Unicorn-26678.exe	109
PID 1128 wrote to memory of 3528	1128	Unicorn-61432.exe	110
PID 1128 wrote to memory of 3528	1128	Unicorn-61432.exe	110
PID 1128 wrote to memory of 3528	1128	Unicorn-61432.exe	110
PID 1084 wrote to memory of 2380	1084	Unicorn-46544.exe	111
PID 1084 wrote to memory of 2380	1084	Unicorn-46544.exe	111
PID 1084 wrote to memory of 2380	1084	Unicorn-46544.exe	111
PID 3512 wrote to memory of 4780	3512	Unicorn-2610.exe	113
PID 3512 wrote to memory of 4780	3512	Unicorn-2610.exe	113
PID 3512 wrote to memory of 4780	3512	Unicorn-2610.exe	113
PID 2888 wrote to memory of 4880	2888	Unicorn-30644.exe	114
PID 2888 wrote to memory of 4880	2888	Unicorn-30644.exe	114
PID 2888 wrote to memory of 4880	2888	Unicorn-30644.exe	114
PID 1140 wrote to memory of 836	1140	Unicorn-40414.exe	115
PID 1140 wrote to memory of 836	1140	Unicorn-40414.exe	115
PID 1140 wrote to memory of 836	1140	Unicorn-40414.exe	115
PID 4444 wrote to memory of 872	4444	f244c7ff2b944048ad712b4d65141560N.exe	116
PID 4444 wrote to memory of 872	4444	f244c7ff2b944048ad712b4d65141560N.exe	116
PID 4444 wrote to memory of 872	4444	f244c7ff2b944048ad712b4d65141560N.exe	116
PID 2076 wrote to memory of 1888	2076	Unicorn-45688.exe	121
PID 2076 wrote to memory of 1888	2076	Unicorn-45688.exe	121
PID 2076 wrote to memory of 1888	2076	Unicorn-45688.exe	121
PID 3360 wrote to memory of 2336	3360	Unicorn-26678.exe	122
PID 3360 wrote to memory of 2336	3360	Unicorn-26678.exe	122
PID 3360 wrote to memory of 2336	3360	Unicorn-26678.exe	122
PID 2380 wrote to memory of 4336	2380	Unicorn-53856.exe	123
PID 2380 wrote to memory of 4336	2380	Unicorn-53856.exe	123
PID 2380 wrote to memory of 4336	2380	Unicorn-53856.exe	123
PID 3528 wrote to memory of 1192	3528	Unicorn-47726.exe	127
PID 3528 wrote to memory of 1192	3528	Unicorn-47726.exe	127
PID 3528 wrote to memory of 1192	3528	Unicorn-47726.exe	127
PID 872 wrote to memory of 3444	872	Unicorn-20534.exe	129
PID 872 wrote to memory of 3444	872	Unicorn-20534.exe	129
PID 872 wrote to memory of 3444	872	Unicorn-20534.exe	129
PID 836 wrote to memory of 3944	836	Unicorn-24884.exe	130
PID 836 wrote to memory of 3944	836	Unicorn-24884.exe	130
PID 836 wrote to memory of 3944	836	Unicorn-24884.exe	130
PID 4444 wrote to memory of 2056	4444	f244c7ff2b944048ad712b4d65141560N.exe	131
PID 4444 wrote to memory of 2056	4444	f244c7ff2b944048ad712b4d65141560N.exe	131
PID 4444 wrote to memory of 2056	4444	f244c7ff2b944048ad712b4d65141560N.exe	131
PID 4880 wrote to memory of 2852	4880	Unicorn-46051.exe	132

C:\Users\Admin\AppData\Local\Temp\f244c7ff2b944048ad712b4d65141560N.exe
"C:\Users\Admin\AppData\Local\Temp\f244c7ff2b944048ad712b4d65141560N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30644.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 632
        5⤵
        Program crash
        
        PID:1332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 632
        5⤵
        Program crash
        
        PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 636
        6⤵
        Program crash
        
        PID:4348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 676
        6⤵
        Program crash
        
        PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43518.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
        8⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 636
        9⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
        8⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 660
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe
        7⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        8⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 636
        8⤵
        
        PID:13652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 632
        7⤵
        Program crash
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        6⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52531.exe
        7⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        8⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        7⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
        6⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 636
        7⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe
        6⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
        5⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6859.exe
        8⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23102.exe
        9⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
        8⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        8⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        7⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 640
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        7⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        8⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62687.exe
        7⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        6⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
        7⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25479.exe
        6⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        7⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        5⤵
        
        PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
      4⤵
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
        8⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 632
        9⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 740
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50108.exe
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        7⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        7⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65283.exe
        6⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        6⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64271.exe
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        7⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        6⤵
        
        PID:13288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        5⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        5⤵
        
        PID:7524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 632
        6⤵
        Program crash
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        5⤵
        
        PID:3428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 636
        6⤵
        
        PID:560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 652
        5⤵
        
        PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
        6⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 724
        7⤵
        
        PID:13684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 724
        7⤵
        
        PID:13576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 632
        6⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        5⤵
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        6⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        7⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        5⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        7⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        5⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        6⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
        5⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        6⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2474.exe
        6⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62899.exe
        5⤵
        
        PID:9960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 628
        6⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        5⤵
        
        PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
      4⤵
      PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20490.exe
      4⤵
      PID:13584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
      4⤵
      PID:6576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        6⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        7⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 720
        8⤵
        Program crash
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 720
        8⤵
        Program crash
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62107.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
        7⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 636
        8⤵
        Program crash
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        7⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 636
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        7⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54358.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
        7⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        6⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
        7⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 636
        8⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 636
        7⤵
        Program crash
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
        6⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        7⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
        6⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
        8⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56060.exe
        9⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
        10⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2718.exe
        9⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
        10⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        9⤵
        
        PID:15008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 648
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16046.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
        7⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 640
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        7⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31428.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        7⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59227.exe
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        7⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 720
        8⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
        7⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        6⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 648
        7⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        6⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        7⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        6⤵
        
        PID:5956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 720
        6⤵
        Program crash
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50422.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        6⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        6⤵
        
        PID:7628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 656
        6⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50096.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        6⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35408.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        9⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
        10⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        10⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        10⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        9⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 636
        10⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        9⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 636
        10⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42583.exe
        9⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        10⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        9⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45475.exe
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        7⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 636
        8⤵
        Program crash
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
        7⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 648
        7⤵
        Program crash
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        5⤵
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 640
        6⤵
        Program crash
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61080.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
        7⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 628
        8⤵
        Program crash
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 636
        7⤵
        Program crash
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        6⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe
        7⤵
        
        PID:10636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 680
        6⤵
        Program crash
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        6⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 640
        7⤵
        Program crash
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 640
        7⤵
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
        6⤵
        
        PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7793.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
        5⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe
        6⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
        8⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28484.exe
        9⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
        9⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39434.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        8⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 632
        8⤵
        Program crash
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
        7⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 636
        8⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14134.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        8⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        7⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        7⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        7⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        6⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        7⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        6⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        7⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 636
        8⤵
        Program crash
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        8⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 624
        7⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63600.exe
        8⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
        9⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
        8⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
        9⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        8⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
        6⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 716
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        6⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
      4⤵
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        6⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        6⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        9⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
        8⤵
        
        PID:14968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 668
        7⤵
        Program crash
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        6⤵
        
        PID:6844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 656
        6⤵
        Program crash
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        5⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35410.exe
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        6⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57254.exe
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        6⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
        7⤵
        
        PID:15140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        6⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
        7⤵
        
        PID:13932
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 720
        5⤵
        Program crash
        
        PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
      4⤵
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        6⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        8⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        7⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        7⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        6⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        8⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
        6⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31769.exe
        6⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61687.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        7⤵
        
        PID:10624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 640
        6⤵
        
        PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38962.exe
        5⤵
        
        PID:5456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 644
        6⤵
        
        PID:14080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 504
        5⤵
        
        PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
      4⤵
      PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
      4⤵
      PID:7772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 636
        5⤵
        
        PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
      4⤵
      PID:9608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 644
        5⤵
        
        PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
      4⤵
      PID:13100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57328.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        9⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        10⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        10⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        9⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        11⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54851.exe
        10⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        9⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        9⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 664
        8⤵
        Program crash
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59855.exe
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        9⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        8⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29037.exe
        8⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        8⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
        7⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 636
        8⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 640
        7⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56679.exe
        6⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62247.exe
        5⤵
        
        PID:5288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 724
        6⤵
        Program crash
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38344.exe
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        7⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
        7⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 724
        7⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10713.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        6⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        5⤵
        
        PID:4312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 636
        6⤵
        
        PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50823.exe
        5⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
        6⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        5⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
        5⤵
        
        PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        6⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
        6⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 644
        7⤵
        Program crash
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        6⤵
        
        PID:8160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 756
        6⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        6⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
        8⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        7⤵
        
        PID:14716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 668
        6⤵
        Program crash
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35891.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        5⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        6⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
        5⤵
        
        PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8319.exe
        5⤵
        
        PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
      4⤵
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
        5⤵
        
        PID:6344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 720
        6⤵
        Program crash
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
        6⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39878.exe
        5⤵
        
        PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        5⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        6⤵
        
        PID:10436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 656
        5⤵
        Program crash
        
        PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19626.exe
      4⤵
      PID:7640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 636
        5⤵
        
        PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
      4⤵
      PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        5⤵
        
        PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
      4⤵
      PID:13832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 724
      4⤵
      Program crash
      PID:1616
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 764
      4⤵
      Program crash
      PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
    3⤵
    PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        8⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 632
        9⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45426.exe
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        7⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55131.exe
        7⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        7⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 644
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        7⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        7⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
        6⤵
        
        PID:544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 636
        7⤵
        
        PID:6440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 680
        6⤵
        
        PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
      4⤵
      PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
      4⤵
      PID:7468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 636
        5⤵
        Program crash
        
        PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
      4⤵
      PID:6828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 636
        5⤵
        
        PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
      4⤵
      PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        5⤵
        
        PID:14580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 756
      4⤵
      PID:15612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
    3⤵
    PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
    3⤵
    PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39264.exe
      4⤵
      PID:7200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 636
        5⤵
        Program crash
        
        PID:9592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
      4⤵
      PID:8976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 628
        5⤵
        
        PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37050.exe
      4⤵
      PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        5⤵
        
        PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30819.exe
      4⤵
      PID:14752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
    3⤵
    PID:8048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
    3⤵
    PID:8788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
    3⤵
    PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
      4⤵
      PID:9204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
    3⤵
    PID:14708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9647.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
        9⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        10⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 624
        10⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        9⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 636
        10⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        9⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        10⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        8⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 636
        9⤵
        Program crash
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
        8⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        10⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        11⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        10⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        9⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
        9⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
        10⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 720
        9⤵
        
        PID:15620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 644
        8⤵
        Program crash
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64131.exe
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21828.exe
        8⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 636
        9⤵
        Program crash
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 636
        9⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
        7⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 640
        8⤵
        
        PID:13328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 664
        7⤵
        Program crash
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2189.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        7⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 720
        8⤵
        Program crash
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3078.exe
        7⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 636
        8⤵
        
        PID:14360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 668
        7⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        8⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48551.exe
        8⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        7⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        7⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        7⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        6⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 640
        7⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23924.exe
        7⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 636
        8⤵
        Program crash
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5366.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32684.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        9⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 632
        9⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        8⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
        8⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45512.exe
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
        6⤵
        
        PID:6480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 548
        6⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        5⤵
        
        PID:6776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 636
        6⤵
        Program crash
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
        5⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        5⤵
        
        PID:10744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 736
      4⤵
      Program crash
      PID:4740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 752
      4⤵
      Program crash
      PID:1540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4780
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 640
      4⤵
      Program crash
      PID:1040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 640
      4⤵
      Program crash
      PID:3060
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 720
    3⤵
    - Program crash
    PID:2256
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 720
    3⤵
    - Program crash
    PID:3500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15615.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26170.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        8⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 636
        9⤵
        Program crash
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23328.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        7⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 644
        8⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        7⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        6⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 636
        7⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        6⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        7⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9702.exe
        6⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
        6⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 636
        7⤵
        Program crash
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        6⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
        6⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        5⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2703.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe
        8⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        9⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        6⤵
        
        PID:1864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 752
        6⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27993.exe
        5⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        5⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        6⤵
        
        PID:15444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 504
        5⤵
        
        PID:15580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 752
      4⤵
      Program crash
      PID:1428
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 752
      4⤵
      Program crash
      PID:644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
      4⤵
      PID:4968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 724
        5⤵
        Program crash
        
        PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43939.exe
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
        6⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
        7⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        8⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
        9⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45603.exe
        7⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 636
        8⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 636
        8⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        7⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        8⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58743.exe
        7⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        6⤵
        
        PID:8612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 652
        6⤵
        Program crash
        
        PID:13184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 652
        6⤵
        
        PID:14768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 724
        5⤵
        Program crash
        
        PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        5⤵
        
        PID:6904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 632
        6⤵
        Program crash
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        5⤵
        
        PID:6856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 636
        6⤵
        
        PID:6124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 548
        5⤵
        Program crash
        
        PID:11884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe
    3⤵
    PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
      4⤵
      PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
      4⤵
      PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63976.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        6⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        7⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62687.exe
        6⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        5⤵
        
        PID:10204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 636
        6⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
        5⤵
        
        PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
      4⤵
      PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17628.exe
        5⤵
        
        PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
      4⤵
      PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
      4⤵
      PID:13416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
      4⤵
      PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
      4⤵
      PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45092.exe
        5⤵
        
        PID:8236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 636
        6⤵
        
        PID:4168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 636
        5⤵
        
        PID:12888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 636
        5⤵
        
        PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51598.exe
      4⤵
      PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
      4⤵
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
      4⤵
      PID:14680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
    3⤵
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
      4⤵
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        5⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        6⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
        6⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        5⤵
        
        PID:8048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25142.exe
    3⤵
    PID:6576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
    3⤵
    PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
      4⤵
      PID:5688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
    3⤵
    PID:13200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34214.exe
    3⤵
    PID:2976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        6⤵
        
        PID:224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 636
        7⤵
        Program crash
        
        PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe
        5⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        5⤵
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
      4⤵
      PID:5660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 676
        5⤵
        Program crash
        
        PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49802.exe
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57572.exe
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
        6⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 720
        7⤵
        Program crash
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        5⤵
        
        PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
      4⤵
      PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        6⤵
        
        PID:15424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        5⤵
        
        PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
      4⤵
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        5⤵
        
        PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
      4⤵
      PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
      4⤵
      PID:14416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
    3⤵
    PID:4780
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 632
      4⤵
      Program crash
      PID:5652
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 652
      4⤵
      Program crash
      PID:6772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
    3⤵
    PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4951.exe
      4⤵
      PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
      4⤵
      PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        5⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        6⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        7⤵
        
        PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        5⤵
        
        PID:14636
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 648
      4⤵
      Program crash
      PID:5936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
    3⤵
    PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
      4⤵
      PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        5⤵
        
        PID:6192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 652
        5⤵
        
        PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
      4⤵
      PID:3676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 716
        5⤵
        
        PID:10156
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 648
      4⤵
      PID:13692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46862.exe
    3⤵
    PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
      4⤵
      PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe
        5⤵
        
        PID:15144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
      4⤵
      PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
      4⤵
      PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8722.exe
      4⤵
      PID:7976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33030.exe
    3⤵
    PID:8752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
    3⤵
    PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
      4⤵
      PID:14704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
    3⤵
    PID:15260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 636
    3⤵
    - Program crash
    PID:4076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 680
    3⤵
    - Program crash
    PID:4064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
  2⤵
  PID:3924
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 632
    3⤵
    - Program crash
    PID:1852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64340.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64340.exe
  2⤵
  PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
    3⤵
    PID:6376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
  2⤵
  PID:5904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
  2⤵
  PID:7488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30362.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30362.exe
  2⤵
  PID:5904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
  2⤵
  PID:9372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
    3⤵
    PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
      4⤵
      PID:6712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe
  2⤵
  PID:13432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
  2⤵
  PID:6932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3824,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:8
1⤵
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4960 -ip 4960
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4960 -ip 4960
1⤵
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1084 -ip 1084
1⤵
PID:372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1084 -ip 1084
1⤵
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4780 -ip 4780
1⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3512 -ip 3512
1⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4780 -ip 4780
1⤵
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3512 -ip 3512
1⤵
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2056 -ip 2056
1⤵
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 800 -ip 800
1⤵
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2852 -ip 2852
1⤵
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4880 -ip 4880
1⤵
PID:644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 836 -ip 836
1⤵
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4880 -ip 4880
1⤵
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2612 -ip 2612
1⤵
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 836 -ip 836
1⤵
PID:1324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2056 -ip 2056
1⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 2852 -ip 2852
1⤵
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 800 -ip 800
1⤵
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4968 -ip 4968
1⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3924 -ip 3924
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4780 -ip 4780
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3432 -ip 3432
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5288 -ip 5288
1⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5208 -ip 5208
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5408 -ip 5408
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4968 -ip 4968
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5660 -ip 5660
1⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5728 -ip 5728
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5840 -ip 5840
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5956 -ip 5956
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5936 -ip 5936
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5208 -ip 5208
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5408 -ip 5408
1⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5660 -ip 5660
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5728 -ip 5728
1⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5956 -ip 5956
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5840 -ip 5840
1⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 3924 -ip 3924
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 4780 -ip 4780
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5896 -ip 5896
1⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4760 -ip 4760
1⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5004 -ip 5004
1⤵
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3432 -ip 3432
1⤵
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5896 -ip 5896
1⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4760 -ip 4760
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5004 -ip 5004
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5288 -ip 5288
1⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5936 -ip 5936
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5128 -ip 5128
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5788 -ip 5788
1⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 224 -ip 224
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2476 -ip 2476
1⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3480 -ip 3480
1⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 868 -ip 868
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6584 -ip 6584
1⤵
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5788 -ip 5788
1⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2844 -ip 2844
1⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6364 -ip 6364
1⤵
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6556 -ip 6556
1⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6196 -ip 6196
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6600 -ip 6600
1⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6376 -ip 6376
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6436 -ip 6436
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6680 -ip 6680
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6056 -ip 6056
1⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6392 -ip 6392
1⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 7008 -ip 7008
1⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6536 -ip 6536
1⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 7136 -ip 7136
1⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5720 -ip 5720
1⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 3280 -ip 3280
1⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5904 -ip 5904
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6480 -ip 6480
1⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5676 -ip 5676
1⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5528 -ip 5528
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3480 -ip 3480
1⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4856 -ip 4856
1⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3148 -ip 3148
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5140 -ip 5140
1⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5260 -ip 5260
1⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 868 -ip 868
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6072 -ip 6072
1⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6364 -ip 6364
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4956 -ip 4956
1⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5908 -ip 5908
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2488 -ip 2488
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5696 -ip 5696
1⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4600 -ip 4600
1⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2400 -ip 2400
1⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6032 -ip 6032
1⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 3428 -ip 3428
1⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5256 -ip 5256
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5456 -ip 5456
1⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6556 -ip 6556
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2844 -ip 2844
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6196 -ip 6196
1⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6584 -ip 6584
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6436 -ip 6436
1⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6600 -ip 6600
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6376 -ip 6376
1⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7008 -ip 7008
1⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6392 -ip 6392
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6056 -ip 6056
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 3280 -ip 3280
1⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6680 -ip 6680
1⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5904 -ip 5904
1⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6536 -ip 6536
1⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7136 -ip 7136
1⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5720 -ip 5720
1⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6480 -ip 6480
1⤵
PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5676 -ip 5676
1⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5528 -ip 5528
1⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4856 -ip 4856
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3148 -ip 3148
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6072 -ip 6072
1⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5140 -ip 5140
1⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5260 -ip 5260
1⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 4956 -ip 4956
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5696 -ip 5696
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2488 -ip 2488
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 4600 -ip 4600
1⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5908 -ip 5908
1⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2400 -ip 2400
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6032 -ip 6032
1⤵
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5256 -ip 5256
1⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5456 -ip 5456
1⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3428 -ip 3428
1⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6664 -ip 6664
1⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6344 -ip 6344
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6156 -ip 6156
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7088 -ip 7088
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5164 -ip 5164
1⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6028 -ip 6028
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2056 -ip 2056
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 7124 -ip 7124
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5148 -ip 5148
1⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5552 -ip 5552
1⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6948 -ip 6948
1⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7300 -ip 7300
1⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 7488 -ip 7488
1⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5948 -ip 5948
1⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 7384 -ip 7384
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 7896 -ip 7896
1⤵
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5960 -ip 5960
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 7188 -ip 7188
1⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5680 -ip 5680
1⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2476 -ip 2476
1⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5444 -ip 5444
1⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5868 -ip 5868
1⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5128 -ip 5128
1⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6552 -ip 6552
1⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2336 -ip 2336
1⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4260 -ip 4260
1⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 8104 -ip 8104
1⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 7912 -ip 7912
1⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5312 -ip 5312
1⤵
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7160 -ip 7160
1⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5712 -ip 5712
1⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6776 -ip 6776
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5612 -ip 5612
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7088 -ip 7088
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7080 -ip 7080
1⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5284 -ip 5284
1⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 8048 -ip 8048
1⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7468 -ip 7468
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 7200 -ip 7200
1⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6028 -ip 6028
1⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 7124 -ip 7124
1⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5164 -ip 5164
1⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6904 -ip 6904
1⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5148 -ip 5148
1⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2056 -ip 2056
1⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7524 -ip 7524
1⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5552 -ip 5552
1⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 224 -ip 224
1⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5928 -ip 5928
1⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3552 -ip 3552
1⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7300 -ip 7300
1⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5948 -ip 5948
1⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7488 -ip 7488
1⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7384 -ip 7384
1⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 7896 -ip 7896
1⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5960 -ip 5960
1⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7188 -ip 7188
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5680 -ip 5680
1⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5868 -ip 5868
1⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2336 -ip 2336
1⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 8104 -ip 8104
1⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5284 -ip 5284
1⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7080 -ip 7080
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 8048 -ip 8048
1⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6500 -ip 6500
1⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5408 -ip 5408
1⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6232 -ip 6232
1⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5472 -ip 5472
1⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 7120 -ip 7120
1⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7416 -ip 7416
1⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7548 -ip 7548
1⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1948 -ip 1948
1⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6940 -ip 6940
1⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4976 -ip 4976
1⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7036 -ip 7036
1⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6080 -ip 6080
1⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5520 -ip 5520
1⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5244 -ip 5244
1⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6984 -ip 6984
1⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 7424 -ip 7424
1⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5488 -ip 5488
1⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 7024 -ip 7024
1⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 644 -ip 644
1⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 3932 -ip 3932
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3112 -ip 3112
1⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7236 -ip 7236
1⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5180 -ip 5180
1⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3624 -ip 3624
1⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6444 -ip 6444
1⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5384 -ip 5384
1⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5124 -ip 5124
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 7372 -ip 7372
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6560 -ip 6560
1⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7268 -ip 7268
1⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5576 -ip 5576
1⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6380 -ip 6380
1⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6684 -ip 6684
1⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6436 -ip 6436
1⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 7496 -ip 7496
1⤵
PID:14404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6300 -ip 6300
1⤵
PID:14796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5268 -ip 5268
1⤵
PID:14904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5672 -ip 5672
1⤵
PID:15188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6000 -ip 6000
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5532 -ip 5532
1⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6152 -ip 6152
1⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6232 -ip 6232
1⤵
PID:14432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 9720 -ip 9720
1⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 9968 -ip 9968
1⤵
PID:15236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 632
1⤵
PID:14412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 8484 -ip 8484
1⤵
PID:15344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3676 -ip 3676
1⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5568 -ip 5568
1⤵
PID:14736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 8976 -ip 8976
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 8368 -ip 8368
1⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5592 -ip 5592
1⤵
PID:15144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 6480 -ip 6480
1⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 6032 -ip 6032
1⤵
PID:15236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6576 -ip 6576
1⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 7512 -ip 7512
1⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1376 -p 6844 -ip 6844
1⤵
PID:14908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 8812 -ip 8812
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1416 -p 8136 -ip 8136
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 8668 -ip 8668
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 8448 -ip 8448
1⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1464 -p 6036 -ip 6036
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6192 -ip 6192
1⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 8380 -ip 8380
1⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 7640 -ip 7640
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1408 -p 8984 -ip 8984
1⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 4220 -ip 4220
1⤵
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 5904 -ip 5904
1⤵
PID:14820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 7624 -ip 7624
1⤵
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 7800 -ip 7800
1⤵
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6200 -ip 6200
1⤵
PID:14568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 8936 -ip 8936
1⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1412 -p 5728 -ip 5728
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1420 -p 9580 -ip 9580
1⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1472 -p 9980 -ip 9980
1⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 9712 -ip 9712
1⤵
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 9952 -ip 9952
1⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 9996 -ip 9996
1⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 9664 -ip 9664
1⤵
PID:14356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1464 -p 9448 -ip 9448
1⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 6948 -ip 6948
1⤵
PID:15200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 9960 -ip 9960
1⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 6664 -ip 6664
1⤵
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 8040 -ip 8040
1⤵
PID:14820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5444 -ip 5444
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 2380 -ip 2380
1⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 392 -ip 392
1⤵
PID:14348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 8020 -ip 8020
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 6500 -ip 6500
1⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 7344 -ip 7344
1⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 5844 -ip 5844
1⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 5836 -ip 5836
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6456 -ip 6456
1⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
1⤵
PID:15452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3944 -ip 3944
1⤵
PID:15536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 10084 -ip 10084
1⤵
PID:15544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1344 -p 10204 -ip 10204
1⤵
PID:15552

C:\Users\Admin\AppData\Local\Temp\Unicorn-23892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23892.exe
1⤵
PID:15660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1452 -p 3840 -ip 3840
1⤵
PID:15740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe

Filesize
468KB

MD5
1bb099b1c35eb6c0e1a0ae5d73defb96

SHA1
5eaf5a36b915a3f5b14294d03d5bc45a189e1bee

SHA256
20b638e2f8bb9c575cb4d4bde4d859ddbb72c216b8fe5857e18c008e8e2976c0

SHA512
32c611e3ef3fc8e39a58a378fbcf37d1ba151764fbfa63d08c3f89f66b6e7d95bccbc9336972d409f6c76a1dd09da67fe18cd06c01957977777bfc6f5ebd95e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe

Filesize
468KB

MD5
1f2bdacf3bd3cb2fcb73514658ebcbcc

SHA1
692cdbf2004e70eeec9cf4ed5f9c7b2548ef6134

SHA256
5b85eb90f33e791470d3ed28319c6c9fd4895850b9b3b549a853b6203c279f05

SHA512
eb52af62e17eb1c2b8b919b3ea6e2f8d89b9e42e8ab9fe52812d89694e5884844f1b41905dcc96ce421f839c6fe2c2014a6204bb36c78c70691072516c1292bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe

Filesize
468KB

MD5
f3eadec9165e17e00f3a0e8439e254c5

SHA1
3091b83bd9b3703e2fa49c604b717d09ab6a3de2

SHA256
cddd93f4704667ffb5656d049848cca194307778f4b0348b3fe308a9d2ff1326

SHA512
e8e5b8caba5823ba7b16a50a57574cc813a3a76c11914f01c3962c8bbf8c5f9780d03bb39a6ed7f4583dae4eac70072ed17a1a5eecabfe6e77c3bc7e6a2e678c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe

Filesize
468KB

MD5
f9eb8996cc4b7174f50eff35ec33a8da

SHA1
07126872e5007f1fe6c9b98d514c02600f1ff8e8

SHA256
86c48a259235d2680ed329ff37d7b28579feccfc43db7ce4af45bf8b11f5363d

SHA512
be91606858a27e1257e7527c09c6ae0e29b04fac35f17afffca204a67d3cef0d66855bca527bbce7b58700cfa360934637b4815fe8c8db131b0fc3dd053b6d15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe

Filesize
468KB

MD5
cd01e9afba0fe25e40aa9bc3e5d51e9c

SHA1
d9101262f5d6788af312dbd2311f6b47b7148158

SHA256
6171e0df9650b16a7e8b1021b3f26475eccd0a35566e56407cb5b69afcc95044

SHA512
15557ad29595add9c5ba8aae148cea0fa34c406c3cec41d254ab02ec56ecae18f3dd77d5ec6b2e37dd567cce662563c6738374042e866574c7603c09254e21ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe

Filesize
468KB

MD5
315fcdf79043fff30556b95492522ea2

SHA1
a554f5f6b9a8f0a5f00ed8ec30b28b8dfd5b65e1

SHA256
5313f6623ada636439a4b0ed449a9648dd20d535d98354f37d8b5f896c884530

SHA512
821d564b0f79f4548a5e58da649c2b40c771ceaa74af277d7bd031cea46f7274eaa0478fe33fe652a569aa5ec76ca0d8568674928460a2c4f71e0eab3b720298

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe

Filesize
468KB

MD5
0a4c218b4c7f32a78fe19553e220e4e6

SHA1
6d7f25ac19750a8499090718d847dc4f22d9af60

SHA256
c452ca4b808dd20bccf83846b1badda4e1c46416c73f429c707aaa54dd5d3f3e

SHA512
e55b28ed5a23e13b4c751a573adac2f767a4bd3880da1d628f7ac2c704c0a1c8197e924be3f2f456d982f04c6282b368010820d7df0fe63a0c35a0e42d28a637

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe

Filesize
468KB

MD5
1eddf73eef73237ca6b74b7ae2f95acf

SHA1
c5a85f945e410714e5bdd8cf542b3f946b83a6cb

SHA256
7c72b63d83c88a1f135d12a3de3fe764827433d1da04d228e8d97f8570906103

SHA512
f83866be59bfc6154c7db19bc6229b10118d4bf3c08eb378d6ae737a1df9ff3101e225820ee66e6d8a4e6b2f6eac5063781c7de679c937f4795d6c5bbc2a18a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe

Filesize
468KB

MD5
dd9feb88900121f6130823a16bcc46f7

SHA1
2cf43b48067a089341b3529d4787e363b1f43253

SHA256
677de0d7f1ce38c975af7879d8e919e63b765ef73e4379792f2a7f928c23ac49

SHA512
1f67095842cd29a5fb305560c9ff3f781dae6b54dc04f4a1d76eb96c98d822f7f908f0fa86616a467552451f3ac0f49c0d14bab6e1264ef1811e14d8b8233763

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe

Filesize
468KB

MD5
7e04652808f002e2d8e3c3dec3112f44

SHA1
4181f2c0ff8303afcd46162df9eb881d2e25cc46

SHA256
501e7ae19e8c9b250de5adc9efa23f143b25bab7f9d1701ef4fa316f22889e2c

SHA512
6d759010330c75e8533158328b89385f9219f8c410f2b07b3c64bc27d4380a914f7f5eb98ab916f8f3d34785e56c117ced78ec04bd60d3bc4c90567482ad3808

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30644.exe

Filesize
468KB

MD5
2f2cb99d8f218b2012f52035652fb65e

SHA1
66c13f8cf050d494a366f5d026598dd373df3e5e

SHA256
c43f2527bfc1214388ade5fba90441b3ac80af40451799d11f2aebbdeec7795d

SHA512
6df1520de12ba92711ef348174d9879a836eb37fd3eceb85c426b3693d2cda29c3543c38e232ee0c220b6e7754d7db517ee27e13700841b1a3c0af3c02a96f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe

Filesize
468KB

MD5
cd058a10344aceb95478e6534f669830

SHA1
9f9dadcb6c9b555e0c506fb24e69c515d35dadcc

SHA256
5a991187eff65a5099e3d99c97cb6d67819d109c7a5b34b7e4f29caa0de920ec

SHA512
9bebf051ce9184cbf6375ee5c4b171de7aad79783caca594f98a5fc3852c695ed0e3cbf3f61989934be2c64af8d10465f641086c53009b756c72b89a3e36bce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe

Filesize
468KB

MD5
9c1df295d6c19d2e070b8321006eb402

SHA1
ea819a1cd00a9b64121387de5b773598d2e584bc

SHA256
41bf005d83af6223fe426bf8c6709e0a8643331982adbd8038998d5832ed166b

SHA512
d0e0246b996526141e1ec1eb641e17d1058b90f5c75d40766db23024d49a13873c07e08e8a60f8920db9ca07c40d2af09ab5cd64823f60afea382bc31c1e2684

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe

Filesize
468KB

MD5
2ef152f31534544d69f79d61b35c02a0

SHA1
5fd2e19ab729ed24213a8a00ecb6fdb3b6f67a4d

SHA256
a8e6ed0ff8e1e835011f0be1a30af9b368c2028f3c97a61a70d32582cd2b9a23

SHA512
fddb145b9ce96a250d9bf3b6523b92cca3891ff03f0ba712f3659ec8a91bba686b519f6f89f4a79e16b6265756d07954b62339eace826a3fef02d58414f6727d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe

Filesize
468KB

MD5
fac27b988ab804aa1cd8975e407edb9b

SHA1
52388b34abf4b804e56147d3c890000dc398f587

SHA256
af108fa5078f16aa7a78ddd5eb99b244b248594eec84867e2cd2c481a63fadcd

SHA512
76a1745fc696cd6397205cc8c4887d0c224bc510d5115be6fa817dc4cc7465c0c819caa9c3fc5cb06309d2e3f317dfe5dbd3c73c5d66bc10a5142a4c4cfe1337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe

Filesize
468KB

MD5
0d6e3f7e3da42774cdb2f2c3c8c480dd

SHA1
3368d89cb406712acc3c9695a87d7c315d3ef3c9

SHA256
bd424f8f7965d3e1b236ab572d17c79bfddbfff0e71f11f044aa3655a8ff8d02

SHA512
0f1b350342a01aba9bfef98d059332d3577b17ddcfb76c9ed6438941cf3f78800398cf0dc45865069dfcec0e3743436dafe6449d40163073cacbe87764ad799f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46051.exe

Filesize
468KB

MD5
840c7ebb9c721dfcc685fae445a35e4a

SHA1
31befb43a32666f3cbcc8372a2932cb06b3c25c4

SHA256
e154a8b1b81d2a2e802e1189e958dc0868a1a4baa8ce921069beeab68a3e15dc

SHA512
39d374ce802b03d278b2d8a07088f991288556263ba7f8b60789a6316dfe5a834c1c9c9b673281cc897c46ebab215091325aee066c51c62bdc4e44557d6a93fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe

Filesize
468KB

MD5
ea35dafd4a7779aa3e2ea0f560b3549e

SHA1
9d1ad60b28239b47ef30836e13289979e093ed0b

SHA256
3023a80a120d2963743aea9bf2c0c6c1058439095d3fbd4033fb44d82702aae4

SHA512
343a852b69dc25ed613fe56110893a0e8255f7664afe92a77687d1245f0d89907b343f41e58f65e541412774c4aeaaf157899ef014804ae6a2fbfc08fbf6b7a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe

Filesize
468KB

MD5
d663451859726c2c89aa2fced58d74f1

SHA1
8ffc002884374a14eb4c225f9e7b58367a659635

SHA256
e4ec6de5196ec75aea58491aeb977841c7fb861b662ea973b2efcba7c8766d70

SHA512
34a1c637e8e9522c9cb7326157095fdb7120952243d4e1c07504d9cff4f547ad5500f8ec2fa976d84f0487b01ef6e0f3fcbe7f8f7263b9aff5b0a6b185126958

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe

Filesize
468KB

MD5
e88753f559ed910e3e874f9da2bdaeda

SHA1
3615eafce1da54f271b59301082a2bbae9deb559

SHA256
c23c4fa3caf00f7a0fa5d907ca4612aa06b412c1a306f89bd9feff591b34a124

SHA512
3440487b9c3c2182e021f688c1a06fcec0b60fbdc9775a4227c482a9775f2ea7d2c5df5634b9c96b79c7094262ca7f60ec3830297813263dc5ceda48ea2b21c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe

Filesize
468KB

MD5
4acef6e4589aa245889bc67022becefb

SHA1
89a19358e71fec6179c4fc70ce5a6e07efeb8ff2

SHA256
88ea64cda512167f9febfe04fe5ce5faabd8e7125b261121538fe0dcc8c23dd9

SHA512
04cef3f5e9c0a925b01baaefb8d3049e37d815264baaca2aa5c79ee2ca0c296ff8e40118e47bb9a04c0599f8d5de39cfc2dcf883740d4e0b5dd79c4f8d8cbdc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe

Filesize
468KB

MD5
8a43066134904aca7b7c795b40a0486b

SHA1
022c0b17057db95e08d755789b32041546ef1d44

SHA256
1d51c9281d784f1e10eb5699c8178e947586a2dbb196954f34bf251d79aee34e

SHA512
43e39133878b42c5b2700680eaba750192ff5f7aa66411160af5041dc92dd55b07da157db5aecff2a436e1a6fedea3490b633ec94ab9d9f695e8951b3156b94b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe

Filesize
468KB

MD5
39f890b69ecde164eed2f4d4ec8c85e5

SHA1
1e078751cd88187b0350cb9ac70ed974ea4a14f6

SHA256
eda0fb2ec9b7fba66f68dac2cf51339aa346f8ef32a340df07428f7c78e9d752

SHA512
ed6c723c22de469ef4d75236a02ccd2c65ab8b3800011ccf13b6de7da9dde5d3051ec0f3ab87f2436ea236ccb8ede1b78bfe30f4cce885cc63d45f6129acc0fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe

Filesize
468KB

MD5
183acb9bdfd79c8c1c946e594071ef63

SHA1
8931e44cde06014ea585e27a6cbeda0ffc107709

SHA256
88af5814aa204fc614414bd04c2c976dca0105d0c98d67a9591f718fc6985433

SHA512
e19401055375493495a05a0eab6ecd8307ae3345eac77aee27a212a08d5488c65560c41a46363cfeea36400041eacf6aac1a10d5f9ecd40d8815048e39ff1cd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe

Filesize
468KB

MD5
3ab5294b50dbf394c51f7d47c6f69b79

SHA1
7a58527c52a5c86d6ab5dfe0021833bb781f4155

SHA256
133825c8f91c576f0e91f66d5fd9cd68a8cbacfad7f49dff2e988edf0a0e23f6

SHA512
501641ed241a38e1c146457adede546bfcf6e34548b22d6439562e540e432035b881fb2c0a93a0e400c90c1b83b9c9fb45b2d526c703a590bf2f9473205bfabc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe

Filesize
468KB

MD5
febfe101137a85abff3e77c90074eb37

SHA1
143d29a513c50f6a019fc7a3474b52f2c571286a

SHA256
0d977bce05f28a3e113a666ea74846c75e606145d0cda2fc4d05369f635eecaa

SHA512
dd625296dfeb3a7a144760b591c8b540e8d530f927b84cc1422dec73de4a1797803ca3b10aa69f66278e6841111015d606386216a58467bc530ef5066ae71c59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe

Filesize
468KB

MD5
42e02e5ec3ab71284a91db4c2dd97fe4

SHA1
da16c3aff265d7d8ac7cd18380951f521f0ea50c

SHA256
bd441098c0139bec800f4e04b73d47fd68780f835d6b17e12f9b32c8a534ec35

SHA512
7c4bb019eebfddbb99aa6223386358ee0b0ef33781c938b8c4f4b4084ef51f675ac89058f49fe704f664611b77153642b0311b8215f5b318fbf506b345396eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe

Filesize
468KB

MD5
44c6b33398dd430730da8af67060c1b4

SHA1
36ffb0b1261ab9d1d75cfa7a4cf043688b71646d

SHA256
7ac1bc91380da805ce99313bbd141abc4418bfa06a1de46693883dbbc113d759

SHA512
1f6dee7ad0317a0a67bdc6e38583ef6c1bb294a851c89348c0313fccb36a40a04d03baa128dbdd831f11c867b315e641d6bf110339d469150e903a5909eb3f07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe

Filesize
468KB

MD5
3d111338ee46db0dcef680641e42b243

SHA1
0f25e828bb80f116965637c4e951a9413aea00f6

SHA256
112c6377e08de40c70d1cae605660270dcc9d3fd4b9c2d2d7c762ead6416fbcc

SHA512
7e3ed91277d486e417bb79cc2abc033459b25d47db39654b076996d822e361bf1f4cc81fcb929c4eb2f8a29dd7542bc14e28cadb04b0ea28f03de0a44eecbd11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7793.exe

Filesize
468KB

MD5
6abc4303c7356cd57bf3a191a065c529

SHA1
ddf1c3ebc4fe58b7df6b7173221cbae51fb3730d

SHA256
4491189301f61c53e43984063be375177ef8e5a8924b5e9bf29775c60cbcaeda

SHA512
46869325d3ba78a1f8e0d1a508ca6dc0aba6033bba0f3a6866263fe397891cabfb452947d5742b360f387e538f396eb24596d9b8637eb6db4d077ef4802de852

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9647.exe

Filesize
468KB

MD5
c6711d6b77e5b41418cae587aea639cd

SHA1
f296e15b9fd11e64d1296ed55b8f03bc552b103e

SHA256
1b7a0f0f514b19418758f277a31b50a9e4971abcdc0f224682ec5056dfa88cf3

SHA512
0506df90e62cba9624486bf10149760031fe8cf4e6f486c19098a1cad6f3dfe34a127984b81f73c6966af4af026c1ea1532e6e4f662c9986b42dbd1afdfa97a2

Download Submit
memory/800-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/836-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/836-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/868-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/872-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1084-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1084-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1128-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1140-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1192-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1888-108-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2052-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2056-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2056-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2336-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2400-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-507-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2488-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2612-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2612-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2852-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2852-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2888-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3040-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3112-504-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3148-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3240-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3360-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3428-207-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3432-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3444-148-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3528-70-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3552-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3624-487-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3868-509-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3924-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3952-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4024-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-2971-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4336-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4444-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4600-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4760-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4780-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4780-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4780-196-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4856-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4880-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4880-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4896-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4956-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4968-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5140-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5152-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5180-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5208-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5224-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5256-486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5268-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5288-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5408-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5436-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5456-505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5488-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5520-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5528-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5612-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5644-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5660-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5696-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5728-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5792-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5840-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5848-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5896-508-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5908-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5928-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5936-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5956-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5992-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6000-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6032-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6040-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6072-485-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/9712-2948-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/11928-2972-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download