4ebeb46a6f9d32d1b65eb0a6ab0a82c685eb0ef1ef1f05a0453ac5ee5eb2e353

Analysis

max time kernel
119s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3e683ac3103d2784ff347fb746d5ab0N.exe
Size

184KB
MD5

e3e683ac3103d2784ff347fb746d5ab0
SHA1

12dd7c654677c84f8f45adc208a6f8cc2b61a784
SHA256

4ebeb46a6f9d32d1b65eb0a6ab0a82c685eb0ef1ef1f05a0453ac5ee5eb2e353
SHA512

602873bfac5c6c86dbf7400bf6b86b0a6292c5f8f3b077072def23292725667507c65034ba3d2d8f5e46e7a68239288aeaa41e2fb9656f23b04832ef46069fbb
SSDEEP

3072:CohQP8oTV3KudFaWe3CLq5sqPlnViFYn3:CoVocqFaMLqsqPlnViFY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
772	Unicorn-61660.exe
4872	Unicorn-18620.exe
2816	Unicorn-52039.exe
3336	Unicorn-28900.exe
924	Unicorn-20732.exe
4176	Unicorn-866.exe
4964	Unicorn-57244.exe
1728	Unicorn-48692.exe
3536	Unicorn-40524.exe
5040	Unicorn-20658.exe
5100	Unicorn-24742.exe
2476	Unicorn-56017.exe
3676	Unicorn-19815.exe
3092	Unicorn-59909.exe
1032	Unicorn-51741.exe
4900	Unicorn-47657.exe
2600	Unicorn-31321.exe
4344	Unicorn-8523.exe
4384	Unicorn-11455.exe
4668	Unicorn-760.exe
3244	Unicorn-38263.exe
2516	Unicorn-54045.exe
4024	Unicorn-9888.exe
1936	Unicorn-5804.exe
2784	Unicorn-35139.exe
4268	Unicorn-26971.exe
4732	Unicorn-42753.exe
548	Unicorn-2083.exe
2800	Unicorn-21949.exe
1212	Unicorn-13780.exe
2264	Unicorn-39031.exe
2140	Unicorn-53573.exe
3096	Unicorn-25539.exe
3268	Unicorn-16433.exe
3120	Unicorn-53936.exe
336	Unicorn-49468.exe
3752	Unicorn-33729.exe
4632	Unicorn-17009.exe
852	Unicorn-58596.exe
4928	Unicorn-42259.exe
4968	Unicorn-16817.exe
3780	Unicorn-480.exe
4980	Unicorn-53765.exe
2648	Unicorn-45597.exe
2536	Unicorn-45597.exe
2032	Unicorn-25177.exe
640	Unicorn-5311.exe
4436	Unicorn-5311.exe
720	Unicorn-18161.exe
1096	Unicorn-51580.exe
4068	Unicorn-64408.exe
1504	Unicorn-10568.exe
1720	Unicorn-35819.exe
1004	Unicorn-2208.exe
3796	Unicorn-30989.exe
3204	Unicorn-22437.exe
1704	Unicorn-59940.exe
4800	Unicorn-43049.exe
1808	Unicorn-27673.exe
4408	Unicorn-56624.exe
4316	Unicorn-20465.exe
1620	Unicorn-36993.exe
956	Unicorn-61860.exe
4464	Unicorn-36801.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3896	3344	WerFault.exe	82
956	772	WerFault.exe	87
2688	4872	WerFault.exe	92
4500	2816	WerFault.exe	93
1808	3336	WerFault.exe	98
4940	924	WerFault.exe	99
4984	4176	WerFault.exe	100
4856	4964	WerFault.exe	105
2280	5040	WerFault.exe	108
2592	3536	WerFault.exe	109
4516	1728	WerFault.exe	106
2224	5100	WerFault.exe	107
880	2476	WerFault.exe	114
3632	3676	WerFault.exe	115
464	1032	WerFault.exe	117
1584	3092	WerFault.exe	116
4996	4900	WerFault.exe	118
5040	3780	WerFault.exe	160
880	4668	WerFault.exe	128
3092	2516	WerFault.exe	130
4940	3244	WerFault.exe	129
3496	4024	WerFault.exe	131
1356	4268	WerFault.exe	134
3480	1212	WerFault.exe	138
2188	548	WerFault.exe	136
5368	336	WerFault.exe	154
6084	3752	WerFault.exe	155
4712	4632	WerFault.exe	156
5468	640	WerFault.exe	164
5024	4316	WerFault.exe	192
4952	4436	WerFault.exe	166
1352	3212	WerFault.exe	217
2928	3624	WerFault.exe	249
5024	1004	WerFault.exe	176
2136	1704	WerFault.exe	182
4776	6128	WerFault.exe	392
6964	5940	WerFault.exe	289
5644	1356	WerFault.exe	298
7048	5272	WerFault.exe	307
2136	408	WerFault.exe	375
5328	6180	WerFault.exe	424
4852	5308	WerFault.exe	407
5224	6224	WerFault.exe	427
7008	5500	WerFault.exe	541
5036	6860	WerFault.exe	556
4592	3152	WerFault.exe	566
3556	5240	WerFault.exe	584
1424	4496	WerFault.exe	631
5472	5692	WerFault.exe	650
6604	5664	WerFault.exe	663
6268	5296	WerFault.exe	655
6176	3096	WerFault.exe	672
5916	2364	WerFault.exe	649
6292	2428	WerFault.exe	661
6136	6060	WerFault.exe	677
3244	7164	WerFault.exe	682
5372	4288	WerFault.exe	693
6684	5392	WerFault.exe	688
2688	4552	WerFault.exe	710
6416	4272	WerFault.exe	697
6332	6392	WerFault.exe	706
6976	1384	WerFault.exe	733
1636	3836	WerFault.exe	780
5676	3204	WerFault.exe	718

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e3e683ac3103d2784ff347fb746d5ab0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53765.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3344	e3e683ac3103d2784ff347fb746d5ab0N.exe
772	Unicorn-61660.exe
4872	Unicorn-18620.exe
2816	Unicorn-52039.exe
3336	Unicorn-28900.exe
924	Unicorn-20732.exe
4176	Unicorn-866.exe
4964	Unicorn-57244.exe
3536	Unicorn-40524.exe
5040	Unicorn-20658.exe
1728	Unicorn-48692.exe
5100	Unicorn-24742.exe
2476	Unicorn-56017.exe
3676	Unicorn-19815.exe
3092	Unicorn-59909.exe
1032	Unicorn-51741.exe
2600	Unicorn-31321.exe
4344	Unicorn-8523.exe
4900	Unicorn-47657.exe
4384	Unicorn-11455.exe
4668	Unicorn-760.exe
3244	Unicorn-38263.exe
2516	Unicorn-54045.exe
4024	Unicorn-9888.exe
1936	Unicorn-5804.exe
2784	Unicorn-35139.exe
4268	Unicorn-26971.exe
548	Unicorn-2083.exe
2800	Unicorn-21949.exe
4732	Unicorn-42753.exe
1212	Unicorn-13780.exe
2264	Unicorn-39031.exe
2140	Unicorn-53573.exe
3096	Unicorn-25539.exe
3268	Unicorn-16433.exe
3120	Unicorn-53936.exe
336	Unicorn-49468.exe
3752	Unicorn-33729.exe
4632	Unicorn-17009.exe
852	Unicorn-58596.exe
4928	Unicorn-42259.exe
4968	Unicorn-16817.exe
3780	Unicorn-480.exe
2536	Unicorn-45597.exe
2648	Unicorn-45597.exe
4980	Unicorn-53765.exe
2032	Unicorn-25177.exe
1096	Unicorn-51580.exe
640	Unicorn-5311.exe
720	Unicorn-18161.exe
4436	Unicorn-5311.exe
4068	Unicorn-64408.exe
1504	Unicorn-10568.exe
1720	Unicorn-35819.exe
1004	Unicorn-2208.exe
1704	Unicorn-59940.exe
3796	Unicorn-30989.exe
3204	Unicorn-22437.exe
4800	Unicorn-43049.exe
1808	Unicorn-27673.exe
4408	Unicorn-56624.exe
4316	Unicorn-20465.exe
1620	Unicorn-36993.exe
956	Unicorn-61860.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3344 wrote to memory of 772	3344	e3e683ac3103d2784ff347fb746d5ab0N.exe	87
PID 3344 wrote to memory of 772	3344	e3e683ac3103d2784ff347fb746d5ab0N.exe	87
PID 3344 wrote to memory of 772	3344	e3e683ac3103d2784ff347fb746d5ab0N.exe	87
PID 772 wrote to memory of 4872	772	Unicorn-61660.exe	92
PID 772 wrote to memory of 4872	772	Unicorn-61660.exe	92
PID 772 wrote to memory of 4872	772	Unicorn-61660.exe	92
PID 3344 wrote to memory of 2816	3344	e3e683ac3103d2784ff347fb746d5ab0N.exe	93
PID 3344 wrote to memory of 2816	3344	e3e683ac3103d2784ff347fb746d5ab0N.exe	93
PID 3344 wrote to memory of 2816	3344	e3e683ac3103d2784ff347fb746d5ab0N.exe	93
PID 4872 wrote to memory of 3336	4872	Unicorn-18620.exe	98
PID 4872 wrote to memory of 3336	4872	Unicorn-18620.exe	98
PID 4872 wrote to memory of 3336	4872	Unicorn-18620.exe	98
PID 2816 wrote to memory of 924	2816	Unicorn-52039.exe	99
PID 2816 wrote to memory of 924	2816	Unicorn-52039.exe	99
PID 2816 wrote to memory of 924	2816	Unicorn-52039.exe	99
PID 772 wrote to memory of 4176	772	Unicorn-61660.exe	100
PID 772 wrote to memory of 4176	772	Unicorn-61660.exe	100
PID 772 wrote to memory of 4176	772	Unicorn-61660.exe	100
PID 3336 wrote to memory of 4964	3336	Unicorn-28900.exe	105
PID 3336 wrote to memory of 4964	3336	Unicorn-28900.exe	105
PID 3336 wrote to memory of 4964	3336	Unicorn-28900.exe	105
PID 924 wrote to memory of 1728	924	Unicorn-20732.exe	106
PID 924 wrote to memory of 1728	924	Unicorn-20732.exe	106
PID 924 wrote to memory of 1728	924	Unicorn-20732.exe	106
PID 2816 wrote to memory of 5040	2816	Unicorn-52039.exe	108
PID 2816 wrote to memory of 5040	2816	Unicorn-52039.exe	108
PID 2816 wrote to memory of 5040	2816	Unicorn-52039.exe	108
PID 4176 wrote to memory of 3536	4176	Unicorn-866.exe	109
PID 4176 wrote to memory of 3536	4176	Unicorn-866.exe	109
PID 4176 wrote to memory of 3536	4176	Unicorn-866.exe	109
PID 4872 wrote to memory of 5100	4872	Unicorn-18620.exe	107
PID 4872 wrote to memory of 5100	4872	Unicorn-18620.exe	107
PID 4872 wrote to memory of 5100	4872	Unicorn-18620.exe	107
PID 4964 wrote to memory of 2476	4964	Unicorn-57244.exe	114
PID 4964 wrote to memory of 2476	4964	Unicorn-57244.exe	114
PID 4964 wrote to memory of 2476	4964	Unicorn-57244.exe	114
PID 3336 wrote to memory of 3676	3336	Unicorn-28900.exe	115
PID 3336 wrote to memory of 3676	3336	Unicorn-28900.exe	115
PID 3336 wrote to memory of 3676	3336	Unicorn-28900.exe	115
PID 5040 wrote to memory of 3092	5040	Unicorn-20658.exe	116
PID 5040 wrote to memory of 3092	5040	Unicorn-20658.exe	116
PID 5040 wrote to memory of 3092	5040	Unicorn-20658.exe	116
PID 3536 wrote to memory of 1032	3536	Unicorn-40524.exe	117
PID 3536 wrote to memory of 1032	3536	Unicorn-40524.exe	117
PID 3536 wrote to memory of 1032	3536	Unicorn-40524.exe	117
PID 1728 wrote to memory of 4900	1728	Unicorn-48692.exe	118
PID 1728 wrote to memory of 4900	1728	Unicorn-48692.exe	118
PID 1728 wrote to memory of 4900	1728	Unicorn-48692.exe	118
PID 5100 wrote to memory of 2600	5100	Unicorn-24742.exe	120
PID 5100 wrote to memory of 2600	5100	Unicorn-24742.exe	120
PID 5100 wrote to memory of 2600	5100	Unicorn-24742.exe	120
PID 924 wrote to memory of 4344	924	Unicorn-20732.exe	121
PID 924 wrote to memory of 4344	924	Unicorn-20732.exe	121
PID 924 wrote to memory of 4344	924	Unicorn-20732.exe	121
PID 4176 wrote to memory of 4384	4176	Unicorn-866.exe	119
PID 4176 wrote to memory of 4384	4176	Unicorn-866.exe	119
PID 4176 wrote to memory of 4384	4176	Unicorn-866.exe	119
PID 2476 wrote to memory of 4668	2476	Unicorn-56017.exe	128
PID 2476 wrote to memory of 4668	2476	Unicorn-56017.exe	128
PID 2476 wrote to memory of 4668	2476	Unicorn-56017.exe	128
PID 4964 wrote to memory of 3244	4964	Unicorn-57244.exe	129
PID 4964 wrote to memory of 3244	4964	Unicorn-57244.exe	129
PID 4964 wrote to memory of 3244	4964	Unicorn-57244.exe	129
PID 3676 wrote to memory of 2516	3676	Unicorn-19815.exe	130

C:\Users\Admin\AppData\Local\Temp\e3e683ac3103d2784ff347fb746d5ab0N.exe
"C:\Users\Admin\AppData\Local\Temp\e3e683ac3103d2784ff347fb746d5ab0N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        10⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        11⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        12⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25399.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        11⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        12⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        13⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        14⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
        15⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34965.exe
        16⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
        17⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33577.exe
        18⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        19⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35719.exe
        16⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52025.exe
        17⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
        18⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 640
        14⤵
        Program crash
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 728
        12⤵
        Program crash
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
        9⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        11⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        12⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        13⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        14⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        15⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        16⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        17⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        11⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        12⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        13⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        14⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        15⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        12⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        13⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        14⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        15⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        16⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
        17⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
        18⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        9⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        11⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        13⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
        14⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        15⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        16⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52025.exe
        17⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        18⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        15⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
        16⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        17⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 740
        8⤵
        Program crash
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13796.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        11⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        12⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 480
        10⤵
        Program crash
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        10⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
        11⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        12⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        13⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        14⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
        15⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
        16⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        17⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        16⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        17⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        15⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 740
        15⤵
        Program crash
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 752
        14⤵
        Program crash
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 736
        9⤵
        Program crash
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26603.exe
        8⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 740
        7⤵
        Program crash
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        10⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        11⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        12⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        13⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe
        14⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        15⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        16⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        17⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        18⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
        17⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        11⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
        12⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        13⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
        14⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        15⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        16⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        10⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        11⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        12⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        13⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
        14⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        15⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        9⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        11⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        12⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        13⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 648
        9⤵
        Program crash
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 716
        8⤵
        Program crash
        
        PID:2136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 648
        7⤵
        Program crash
        
        PID:4940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 744
        6⤵
        Program crash
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45545.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32437.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        10⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        11⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25399.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        9⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 632
        10⤵
        Program crash
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 752
        7⤵
        Program crash
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53936.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        10⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        10⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        12⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        13⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        14⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        15⤵
        
        PID:1844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 752
        6⤵
        Program crash
        
        PID:3632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 748
        5⤵
        Program crash
        
        PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33677.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36521.exe
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
        10⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        11⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        12⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        13⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        14⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        15⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        16⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        17⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        18⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        9⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        10⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        11⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        12⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        13⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        14⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        15⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        16⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48673.exe
        17⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
        18⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 544
        16⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7707.exe
        15⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36521.exe
        8⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        10⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
        11⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        12⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        13⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        14⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
        15⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        16⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
        17⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
        15⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        16⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9167.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        10⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        11⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        12⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        13⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
        14⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
        15⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        16⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 696
        13⤵
        Program crash
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62852.exe
        11⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        12⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        13⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        8⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        10⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        11⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        12⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        13⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        14⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35741.exe
        15⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
        14⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 656
        13⤵
        Program crash
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 748
        7⤵
        Program crash
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        10⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        11⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        12⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        13⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
        14⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        15⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 648
        13⤵
        Program crash
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 648
        10⤵
        Program crash
        
        PID:5328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 736
        6⤵
        Program crash
        
        PID:2188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 716
        5⤵
        Program crash
        
        PID:2224
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 728
      4⤵
      Program crash
      PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        11⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44845.exe
        12⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        13⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        14⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        15⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        16⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 632
        17⤵
        Program crash
        
        PID:1636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 600
        16⤵
        Program crash
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        9⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 748
        9⤵
        Program crash
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        10⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3428.exe
        11⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        12⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        13⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        14⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        15⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        16⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
        17⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
        16⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 660
        14⤵
        Program crash
        
        PID:1424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 664
        13⤵
        Program crash
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 728
        8⤵
        Program crash
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        10⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
        11⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
        12⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
        13⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        14⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        15⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        16⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        17⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4476.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        10⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
        11⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40533.exe
        12⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        13⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        14⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        8⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        9⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        10⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        11⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
        12⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        13⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        14⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        15⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65473.exe
        16⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
        17⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
        16⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 636
        10⤵
        Program crash
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        10⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        12⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        13⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        14⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36317.exe
        15⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        16⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        10⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        11⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        12⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        13⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 648
        10⤵
        Program crash
        
        PID:4852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 760
        6⤵
        Program crash
        
        PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        9⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        11⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        9⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        10⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        11⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        12⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        13⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        9⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        11⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        12⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        13⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
        14⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        15⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        16⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        17⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 660
        14⤵
        Program crash
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        8⤵
        
        PID:4632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 744
        5⤵
        Program crash
        
        PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
        7⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        9⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        10⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        11⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        12⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        13⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        14⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        15⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        16⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        15⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        16⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 748
        12⤵
        Program crash
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        8⤵
        
        PID:5040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 728
        6⤵
        Program crash
        
        PID:5368
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 744
      4⤵
      Program crash
      PID:4984
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 748
    3⤵
    - Program crash
    PID:956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        10⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        11⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        12⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        13⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        14⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
        15⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        16⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 744
        13⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        12⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
        13⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34965.exe
        14⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        15⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56109.exe
        16⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        17⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 600
        11⤵
        Program crash
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        9⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        10⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5311.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49785.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        11⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        12⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        13⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
        14⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        15⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        16⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 660
        13⤵
        Program crash
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 740
        8⤵
        Program crash
        
        PID:2928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 656
        7⤵
        Program crash
        
        PID:5468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 736
        6⤵
        Program crash
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39031.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
        8⤵
        
        PID:4444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 752
        5⤵
        Program crash
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44601.exe
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        10⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        11⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        12⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        13⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
        14⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        15⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        16⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        17⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        14⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        15⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        16⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62156.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        8⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        9⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        10⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        11⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        12⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        13⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
        14⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        15⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        16⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        17⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        15⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        14⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23075.exe
        13⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        14⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        15⤵
        
        PID:6056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 724
        6⤵
        Program crash
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51580.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        8⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        9⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19345.exe
        10⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        11⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
        12⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        13⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
        12⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        11⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        12⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        13⤵
        
        PID:6992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 724
      4⤵
      Program crash
      PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35177.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        10⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        11⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        12⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        13⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16325.exe
        14⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
        15⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 636
        14⤵
        Program crash
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        9⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15052.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        11⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        12⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
        13⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        14⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 628
        13⤵
        Program crash
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
        11⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
        12⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        13⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        14⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        15⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        16⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        13⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 628
        12⤵
        Program crash
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 716
        7⤵
        Program crash
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56624.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        11⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        12⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        13⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        14⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 624
        13⤵
        Program crash
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        9⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        10⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        11⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        12⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        13⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        14⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
        15⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33297.exe
        16⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        17⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
        13⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18393.exe
        14⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        15⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
        12⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
        13⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
        14⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        15⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 644
        12⤵
        Program crash
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 636
        8⤵
        Program crash
        
        PID:7048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 744
        6⤵
        Program crash
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        7⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
        10⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        11⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        12⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        13⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
        14⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        15⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
        14⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        15⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        11⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
        12⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        13⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        14⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        15⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        13⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20395.exe
        14⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        12⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20931.exe
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        10⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        11⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        12⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2855.exe
        13⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        12⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 632
        12⤵
        Program crash
        
        PID:6416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 716
        5⤵
        Program crash
        
        PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 720
        6⤵
        Program crash
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        6⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
        9⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
        11⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        12⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 636
        13⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 656
        12⤵
        Program crash
        
        PID:2688
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 712
        5⤵
        Program crash
        
        PID:1356
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 736
      4⤵
      Program crash
      PID:2280
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 740
    3⤵
    - Program crash
    PID:4500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 764
  2⤵
  - Program crash
  PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3344 -ip 3344
1⤵
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 772 -ip 772
1⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4872 -ip 4872
1⤵
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2816 -ip 2816
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3336 -ip 3336
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 924 -ip 924
1⤵
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4176 -ip 4176
1⤵
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4964 -ip 4964
1⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3536 -ip 3536
1⤵
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5040 -ip 5040
1⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1728 -ip 1728
1⤵
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5100 -ip 5100
1⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2476 -ip 2476
1⤵
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3676 -ip 3676
1⤵
PID:2672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 3092 -ip 3092
1⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1032 -ip 1032
1⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2600 -ip 2600
1⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4344 -ip 4344
1⤵
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4900 -ip 4900
1⤵
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4384 -ip 4384
1⤵
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3780 -ip 3780
1⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4668 -ip 4668
1⤵
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3244 -ip 3244
1⤵
PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2516 -ip 2516
1⤵
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4024 -ip 4024
1⤵
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 1936 -ip 1936
1⤵
PID:464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2784 -ip 2784
1⤵
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4268 -ip 4268
1⤵
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 548 -ip 548
1⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2264 -ip 2264
1⤵
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 1212 -ip 1212
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2800 -ip 2800
1⤵
PID:2364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4732 -ip 4732
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2140 -ip 2140
1⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3096 -ip 3096
1⤵
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3268 -ip 3268
1⤵
PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 336 -ip 336
1⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3120 -ip 3120
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3752 -ip 3752
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4632 -ip 4632
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2536 -ip 2536
1⤵
PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 640 -ip 640
1⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4980 -ip 4980
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 720 -ip 720
1⤵
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 852 -ip 852
1⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3204 -ip 3204
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4928 -ip 4928
1⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4316 -ip 4316
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4436 -ip 4436
1⤵
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2032 -ip 2032
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4464 -ip 4464
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1064 -ip 1064
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4356 -ip 4356
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3028 -ip 3028
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3632 -ip 3632
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2280 -ip 2280
1⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 736 -ip 736
1⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2648 -ip 2648
1⤵
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4428 -ip 4428
1⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1728 -ip 1728
1⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3712 -ip 3712
1⤵
PID:556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4372 -ip 4372
1⤵
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4012 -ip 4012
1⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 1388 -ip 1388
1⤵
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4844 -ip 4844
1⤵
PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4968 -ip 4968
1⤵
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 2296 -ip 2296
1⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 3212 -ip 3212
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3624 -ip 3624
1⤵
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1704 -ip 1704
1⤵
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1004 -ip 1004
1⤵
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4800 -ip 4800
1⤵
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 4000 -ip 4000
1⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3132 -ip 3132
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4272 -ip 4272
1⤵
PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 1720 -ip 1720
1⤵
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3312 -ip 3312
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1504 -ip 1504
1⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3156 -ip 3156
1⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1644 -ip 1644
1⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3244 -ip 3244
1⤵
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5476 -ip 5476
1⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1792 -ip 1792
1⤵
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 1132 -ip 1132
1⤵
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1440 -ip 1440
1⤵
PID:556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 1096 -ip 1096
1⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4940 -ip 4940
1⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 1400 -ip 1400
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5028 -ip 5028
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4068 -ip 4068
1⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5204 -ip 5204
1⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2816 -ip 2816
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3392 -ip 3392
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4036 -ip 4036
1⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3796 -ip 3796
1⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 956 -ip 956
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5324 -ip 5324
1⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1620 -ip 1620
1⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5544 -ip 5544
1⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4276 -ip 4276
1⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5156 -ip 5156
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1808 -ip 1808
1⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5140 -ip 5140
1⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1032 -ip 1032
1⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5512 -ip 5512
1⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 2672 -ip 2672
1⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4856 -ip 4856
1⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1940 -ip 1940
1⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5528 -ip 5528
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5220 -ip 5220
1⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 4456 -ip 4456
1⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 2516 -ip 2516
1⤵
PID:2280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5300 -ip 5300
1⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5720 -ip 5720
1⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5712 -ip 5712
1⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5196 -ip 5196
1⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4408 -ip 4408
1⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5632 -ip 5632
1⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5692 -ip 5692
1⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5700 -ip 5700
1⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5824 -ip 5824
1⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4392 -ip 4392
1⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5808 -ip 5808
1⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5188 -ip 5188
1⤵
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4444 -ip 4444
1⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6136 -ip 6136
1⤵
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5940 -ip 5940
1⤵
PID:696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6128 -ip 6128
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3744 -ip 3744
1⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5876 -ip 5876
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6060 -ip 6060
1⤵
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5764 -ip 5764
1⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 5840 -ip 5840
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 1356 -ip 1356
1⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5756 -ip 5756
1⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6072 -ip 6072
1⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 5272 -ip 5272
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 1908 -ip 1908
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5896 -ip 5896
1⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 3100 -ip 3100
1⤵
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5812 -ip 5812
1⤵
PID:592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5832 -ip 5832
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5560 -ip 5560
1⤵
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4324 -ip 4324
1⤵
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5452 -ip 5452
1⤵
PID:2516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5236 -ip 5236
1⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3336 -ip 3336
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5708 -ip 5708
1⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5864 -ip 5864
1⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4004 -ip 4004
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 1740 -ip 1740
1⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5968 -ip 5968
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 4424 -ip 4424
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 1628 -ip 1628
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 5264 -ip 5264
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5572 -ip 5572
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4632 -ip 4632
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4496 -ip 4496
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5616 -ip 5616
1⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5652 -ip 5652
1⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5428 -ip 5428
1⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5040 -ip 5040
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5368 -ip 5368
1⤵
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2488 -ip 2488
1⤵
PID:336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4192 -ip 4192
1⤵
PID:440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3256 -ip 3256
1⤵
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5660 -ip 5660
1⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 540 -ip 540
1⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5448 -ip 5448
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5928 -ip 5928
1⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5400 -ip 5400
1⤵
PID:1284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6040 -ip 6040
1⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5440 -ip 5440
1⤵
PID:348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6108 -ip 6108
1⤵
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3728 -ip 3728
1⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3176 -ip 3176
1⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4944 -ip 4944
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5228 -ip 5228
1⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5412 -ip 5412
1⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6340 -ip 6340
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6028 -ip 6028
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3104 -ip 3104
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5492 -ip 5492
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5420 -ip 5420
1⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 720 -ip 720
1⤵
PID:1352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6296 -ip 6296
1⤵
PID:1212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 1064 -ip 1064
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 408 -ip 408
1⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6180 -ip 6180
1⤵
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1380 -ip 1380
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5604 -ip 5604
1⤵
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 1964 -ip 1964
1⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 2412 -ip 2412
1⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6188 -ip 6188
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6020 -ip 6020
1⤵
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6164 -ip 6164
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6224 -ip 6224
1⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3296 -ip 3296
1⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 3500 -ip 3500
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4024 -ip 4024
1⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5252 -ip 5252
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5772 -ip 5772
1⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5308 -ip 5308
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4384 -ip 4384
1⤵
PID:812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6236 -ip 6236
1⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 2600 -ip 2600
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6156 -ip 6156
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6216 -ip 6216
1⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6256 -ip 6256
1⤵
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4564 -ip 4564
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 3628 -ip 3628
1⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2692 -ip 2692
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6252 -ip 6252
1⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5396 -ip 5396
1⤵
PID:3068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6172 -ip 6172
1⤵
PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 1056 -ip 1056
1⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 1864 -ip 1864
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 3680 -ip 3680
1⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1728 -ip 1728
1⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2156 -ip 2156
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1504 -ip 1504
1⤵
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6736 -ip 6736
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6700 -ip 6700
1⤵
PID:672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 2792 -ip 2792
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5480 -ip 5480
1⤵
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6748 -ip 6748
1⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6988 -ip 6988
1⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6680 -ip 6680
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6720 -ip 6720
1⤵
PID:540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6436 -ip 6436
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5248 -ip 5248
1⤵
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6708 -ip 6708
1⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6464 -ip 6464
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6868 -ip 6868
1⤵
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4872 -ip 4872
1⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5524 -ip 5524
1⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5548 -ip 5548
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3536 -ip 3536
1⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6292 -ip 6292
1⤵
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 464 -ip 464
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4360 -ip 4360
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7136 -ip 7136
1⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5352 -ip 5352
1⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 1916 -ip 1916
1⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 7116 -ip 7116
1⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6304 -ip 6304
1⤵
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7024 -ip 7024
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4940 -ip 4940
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6432 -ip 6432
1⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 736 -ip 736
1⤵
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5824 -ip 5824
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 4120 -ip 4120
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3984 -ip 3984
1⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4444 -ip 4444
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5500 -ip 5500
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7064 -ip 7064
1⤵
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6860 -ip 6860
1⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5768 -ip 5768
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5244 -ip 5244
1⤵
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 7036 -ip 7036
1⤵
PID:348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6744 -ip 6744
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 1652 -ip 1652
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2484 -ip 2484
1⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 3152 -ip 3152
1⤵
PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5844 -ip 5844
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7032 -ip 7032
1⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7160 -ip 7160
1⤵
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6052 -ip 6052
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6000 -ip 6000
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 4716 -ip 4716
1⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 1440 -ip 1440
1⤵
PID:540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6276 -ip 6276
1⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 5240 -ip 5240
1⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5356 -ip 5356
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6948 -ip 6948
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3892 -ip 3892
1⤵
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 7140 -ip 7140
1⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5800 -ip 5800
1⤵
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 544 -ip 544
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6320 -ip 6320
1⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 3860 -ip 3860
1⤵
PID:2416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 1740 -ip 1740
1⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6508 -ip 6508
1⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3008 -ip 3008
1⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5884 -ip 5884
1⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6728 -ip 6728
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 1876 -ip 1876
1⤵
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4036 -ip 4036
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7004 -ip 7004
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4656 -ip 4656
1⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3044 -ip 3044
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 1628 -ip 1628
1⤵
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4696 -ip 4696
1⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 976 -ip 976
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4340 -ip 4340
1⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4868 -ip 4868
1⤵
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3580 -ip 3580
1⤵
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5508 -ip 5508
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6536 -ip 6536
1⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 4496 -ip 4496
1⤵
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5692 -ip 5692
1⤵
PID:1840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5304 -ip 5304
1⤵
PID:812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5664 -ip 5664
1⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5096 -ip 5096
1⤵
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5296 -ip 5296
1⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5832 -ip 5832
1⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 7084 -ip 7084
1⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 1388 -ip 1388
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6200 -ip 6200
1⤵
PID:2600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5696 -ip 5696
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6288 -ip 6288
1⤵
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5200 -ip 5200
1⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6040 -ip 6040
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3096 -ip 3096
1⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2364 -ip 2364
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3280 -ip 3280
1⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4324 -ip 4324
1⤵
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5008 -ip 5008
1⤵
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 2428 -ip 2428
1⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6060 -ip 6060
1⤵
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 1540 -ip 1540
1⤵
PID:464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4268 -ip 4268
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6544 -ip 6544
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5752 -ip 5752
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5760 -ip 5760
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5392 -ip 5392
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 4288 -ip 4288
1⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7164 -ip 7164
1⤵
PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 1244 -ip 1244
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5488 -ip 5488
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 3596 -ip 3596
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4856 -ip 4856
1⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 7048 -ip 7048
1⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1372 -ip 1372
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5260 -ip 5260
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6704 -ip 6704
1⤵
PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4444 -ip 4444
1⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4364 -ip 4364
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6296 -ip 6296
1⤵
PID:540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 4552 -ip 4552
1⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 4272 -ip 4272
1⤵
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5772 -ip 5772
1⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4000 -ip 4000
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 6392 -ip 6392
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1384 -ip 1384
1⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6940 -ip 6940
1⤵
PID:1160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6588 -ip 6588
1⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1224 -ip 1224
1⤵
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6388 -ip 6388
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 7104 -ip 7104
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5496 -ip 5496
1⤵
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5468 -ip 5468
1⤵
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2300 -ip 2300
1⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4440 -ip 4440
1⤵
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 3836 -ip 3836
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6448 -ip 6448
1⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6612 -ip 6612
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3204 -ip 3204
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5344 -ip 5344
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5648 -ip 5648
1⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 4260 -ip 4260
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7116 -ip 7116
1⤵
PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6740 -ip 6740
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6124 -ip 6124
1⤵
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 3564 -ip 3564
1⤵
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 4864 -ip 4864
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 4944 -ip 4944
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6440 -ip 6440
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4900 -ip 4900
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6692 -ip 6692
1⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 5184 -ip 5184
1⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6676 -ip 6676
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6160 -ip 6160
1⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 4984 -ip 4984
1⤵
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5800 -ip 5800
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5564 -ip 5564
1⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5168 -ip 5168
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 2788 -ip 2788
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2632 -ip 2632
1⤵
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 1492 -ip 1492
1⤵
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 516 -ip 516
1⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5364 -ip 5364
1⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 1720 -ip 1720
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 3728 -ip 3728
1⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5912 -ip 5912
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4752 -ip 4752
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6220 -ip 6220
1⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4464 -ip 4464
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4700 -ip 4700
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3624 -ip 3624
1⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6664 -ip 6664
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5532 -ip 5532
1⤵
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6020 -ip 6020
1⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3744 -ip 3744
1⤵
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 3356 -ip 3356
1⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5288 -ip 5288
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6656 -ip 6656
1⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4968 -ip 4968
1⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
1⤵
PID:2132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 1844 -ip 1844
1⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-65533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65533.exe
1⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 336 -ip 336
1⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
1⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1964 -ip 1964
1⤵
PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6636 -ip 6636
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4776 -ip 4776
1⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6936 -ip 6936
1⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 6840 -ip 6840
1⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6400 -ip 6400
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6384 -ip 6384
1⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6008 -ip 6008
1⤵
PID:672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7028 -ip 7028
1⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 2156 -ip 2156
1⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 5768 -ip 5768
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5368 -ip 5368
1⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6688 -ip 6688
1⤵
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 1084 -ip 1084
1⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3580 -ip 3580
1⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5852 -ip 5852
1⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-37869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37869.exe
1⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2648 -ip 2648
1⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 1080 -ip 1080
1⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
1⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
1⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-47189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47189.exe
1⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-47189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47189.exe
1⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
1⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
1⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
1⤵
PID:5484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe

Filesize
184KB

MD5
3cfe4ccb4592c2c0217914577832b4a2

SHA1
8568920b1b12fd4fbdf55fe327457c8a0834b9dc

SHA256
e2572c696dd8d178c5bc7514bdf2646793e20c48352d2cde0ce047ce81c9a6dd

SHA512
d11eab68420280e3a6ae9d7e595c85afe18eca3a3f7a6b9d04cffc97f3f9704215d12033dd5088d5229886f8ebda2a89852b248755c5eeb5a915324819df57d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe

Filesize
184KB

MD5
a243185f49a0447939a82d0ed6d3bebe

SHA1
77358689e0fb5cade9e97be71ef867b8147756d9

SHA256
4b3667db4d980f04f31506682abe24d95208bcd9d14effd459a422fae29950db

SHA512
d33ebf49329e3c728e2f42592e7d37e3abba36459f3a87cc2119e0a0e5644839af5d25985fc72b79b410140b98bcdf996f55950093f53cdcbd30b5fb2ad163e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe

Filesize
184KB

MD5
d395a35fe059b9da3e9f3e44d7f1a3c8

SHA1
6dd417fc825831ab17235c5d1f69335f958dd796

SHA256
c91b9527cebe63f2e3ee40dc2d3c3aa3919c4ae105340589568f487463200698

SHA512
268bf90f2767cfe0a43f2bb3f3f09435eea5bdd77c6df1fe7206b3a0e67c71a44ccfc7e3e1d35fc10c5ee062ea5e294ba48e886b02df25e1e3f21436087fbc38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe

Filesize
184KB

MD5
34680bde394c1fb47d6388d43ef8342a

SHA1
248b31caf5d807a06545c0512a18b702c68fa62e

SHA256
295440a7ac4e8152aa5c8c821bafbff044080595b648d53afde355eef26d09f1

SHA512
c7006d97d18d5c4299e78f7403dfd97027460ee5f915e8c0e564c176c09832954ed31e642198ad8a3035456f968a2270e7521bf1fdcbbbcb6133495cf576e56f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe

Filesize
184KB

MD5
20d600227f0174f0a21d9d2caaed85ed

SHA1
2e355854a692984a5423580ebb2ef837581f6b97

SHA256
856c505b40dae9428e977b9620344a651795f3313f6d93920a7dc7f70ee6ce20

SHA512
610d6ed704c1474c2a63b9d1b189f1ef9563dd0a6bdcfd55d6a2b9f7a82508202b1cc33075e5b8dcffb75cbb0f67dd9ea4d0f02148b8f2dd5e005a8075325941

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe

Filesize
184KB

MD5
7b016a025a56f0d52161dc2fea957820

SHA1
56d06fb7656c1f766c4ff002f4959d437e04f579

SHA256
7bbe31f1420bb855182e43014ac0b4ba6a8f7adf3af9e4318689a8c82b359e8c

SHA512
7e15e36199059be23832bd093df6bbe4926b362dae33474d03d242e7a9fa56f7b48113df7aedebc74efe05c63af724bbd1f35b2c6a6f82f457b32d57ec9dd7a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe

Filesize
184KB

MD5
3c324e1f5e7ffb8b35d2d3ae6847c924

SHA1
92ab42c0a4820d02db30d451992876ca63eba6d1

SHA256
f7e5766f13a0b47b986195f54af60d6a4afc133da99cd3e0517efc6213433074

SHA512
e1d983f314dab6e8c9ad464a0930a9159cd91061c1c4a0891f4bea5ce36d460b7f84aecf62b3d1f61ca79b2b7be280c0811879b5c05a9153f3a13e3376ebc878

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe

Filesize
184KB

MD5
caa54bba3bd1476791f846eb95d86841

SHA1
9b625bb9f418f145526ca4b05be26c5c862b9a1c

SHA256
606ab941fa5f2c63c3bbc3fde639e4064cd14bb854624548956a5e2e890456d8

SHA512
f736843f5aa3f8844d3f0e7d5f0994053db89c914c0051d7dad6cee7b2a37be1c0eae8b78915703818566f3438877d2199a823e1a574d98ab471ba1f86040986

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe

Filesize
184KB

MD5
fafe182a9cfb036d58911c480330456d

SHA1
1a6ed82af8cd5aa802083f6e076bbc223f49b81b

SHA256
816c4636da18f9374a41ca8e94b59208d036f822cfc6a53ef06e382c48082011

SHA512
8c52b7d5985caf3da4b461df160d45207709382b9e1a9428b5b575e4935cdcb9b0360a219c35852bbb2532601be7b1bc4ca3765e06a4669e6a87c77632489a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe

Filesize
184KB

MD5
06e89cd6b4c83e470f3c394e40f452cc

SHA1
b8cc066bf6be581c099d515d51ab8e8b5934a883

SHA256
cdf120b731bbdd6fce5173da6f596dcdb95988147a624eeed986f082a97e49e5

SHA512
190704146ee75183f116c09ea5e3b7531dd5f862c2fa9448791fb346fe92e1e43b9b1aee102886c887d9ac46c3497130f41bf23da22a3775139d04293b17326e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe

Filesize
184KB

MD5
af60bb3b3c255104272b8dd699b7f2e5

SHA1
42e51cc59e49eaeb6e8013e2e93c22045b5b7074

SHA256
e03bd34a61d2f194f7997e52e39ffee56cc843a68abb7cf22a38e4697d4c7db8

SHA512
a998dd7267730d68f1d0b036fef1682f9792e7e70d13a0c994f21316b4072dcd5480c81a2c31a54a7fc5de6f34b57d820317699d263876a3ad57a55633b15271

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe

Filesize
184KB

MD5
0b4f892eccdacd4817a23bcfa081a662

SHA1
cd5719e4a77f13961d697a54c23a4f1a369488ab

SHA256
f1599406adb07546b013d6bfb205a0900f54997b3f39256d8ce76a356698b65d

SHA512
9420257e1017f8b7c022dbc437a065bb3bcc3eb1c89742cf9fe5f9bd7073cf33ce79d38936d043c0ec9419bf671ad3b9b0e81e89d5f46a3d657a78e1c340c488

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe

Filesize
184KB

MD5
f3cf70170028d20fb9b771f4ea4a85a4

SHA1
d4685058572eec0e585135ebc8db4d1d9401c0b9

SHA256
08715a16680ef6bc4c13901297abb353f752b4e9a8cfcb50988904fa57da402a

SHA512
350b2b671cf597fc642a137b1f22bfd51f22f239426ad2681ee0883dbdb719b176226d2ad472e53b999be7e0c1a277bcb28ca51e7025ef003ecd3b85ba8447ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe

Filesize
184KB

MD5
0ff7f6307b6efe2b092488d0eb07afe2

SHA1
b78c1c420f155ca6c15c320c1c9aa6967051cc32

SHA256
e32bc93a89e9b2677b5070465a2c01f3807b794c4c1957f7ec5cbfc0db0dd871

SHA512
5b43d368aa55e6f6b9f3c4fdb65aab1817f0c29280a1c393716bbd6a69ca8a580d706d745b7a5eb413b80488be27cb1dfb29fb510020858bb2ed6766f4b0ce92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe

Filesize
184KB

MD5
d3026b8a3a9cb051fecf45e904b6f266

SHA1
2819b42a359655dbe8b96102e86d4f6284b91a06

SHA256
67b0800f956a4600fb9d0a170939fc42f2d769d4a4682c3e68076e311b51cdee

SHA512
de3816edf4fa485e6243544f074da733a175ecbbeb5962c82ea530255b8c2b8707a10e5ea0825e54bf030a061f6e1801a62a8dd7c9aefac28c259817f09f3cdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe

Filesize
184KB

MD5
457775b918aab2c7dd571f624e472b8c

SHA1
80645b78637fc807b2d67ef298051bd1d58d6eb8

SHA256
66ea740adee8e18e2e082ef1089dd0c3b9b32f7cfe34efcf26914667ff76f8a8

SHA512
15272fb447e6ea21ba12e775b126997ed4badd900dbf237c6743c0873729ba2e3904ae21fe4687d12060e8d007b4a95cc52d73665b52901f386b456b5dd37361

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39031.exe

Filesize
184KB

MD5
e6f4f4e110d7f2e8fe55f37ae8e346fd

SHA1
0b3217dbdd3483bf02fbd19477486b7fe700164a

SHA256
7e6c0144c118e71b2c0b03a9e93513a6f108ee0593d57d306fedc59a47e32155

SHA512
bb73432e1ae51f3718dcff71145efd72ddd4d9bf50ef7fac39c716c0363469cbe943735b1f7389cd0ab0d785d324a1202812bb5d9038078afdf4b5fb0793fa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe

Filesize
184KB

MD5
1b843980e3b489ee231215ff479cb327

SHA1
156c3d2f75bf604f84cf5f4972321123b40dddf9

SHA256
07a77db173ae9addd9633c70f1fe3428562477132431fea0e9fa13d5608bbc6c

SHA512
f2787cdf2fa45da456c2addf9279bbe03ac0fc6345a4693fab94a1368208afea9973aa4d4eea67d3cbe3b563a1b32c66185092c2e1a422c43f24f8473b0c5f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe

Filesize
184KB

MD5
6f7fe8e219a9ab0618f97ec84823af40

SHA1
6311fb81c9d6f60c724536bf5ed895135ec63510

SHA256
ebcaf0adcdc1be915a73c6c55f4f367d9f4143424d8d5f83045c9bc535dbdea8

SHA512
1a324e6c0130231bfe26911f4ca3b3685de6799a7d80e443fe5e0f8c42da373cb49167f3d90376785036d13f4dc734f17423c2fc7d6a0a44f92d489b357153c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe

Filesize
184KB

MD5
e6cb4165fb136dc282a947c5dc41107a

SHA1
6bff64a523249edab6dfd2237d774ac78af65314

SHA256
b5513cdbafff6273169b64b9c1f9032fc54b504d7de029d1ae48194ff0bb212f

SHA512
b115f2ee4328c9e112f184e0938bd750a419f3c513d9e7a7c678eae44fb7aa53f41705f9d7a6e39e9e608339c2dadfd56c2581c51f2ed655e7b0d9ce01a42816

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe

Filesize
184KB

MD5
f9466331cd5aa8e61159872aad1ed512

SHA1
9b12ab245d39282e8ad20a08eef01194a697bd81

SHA256
81cf7768d0c44e1b6500ae1b1d7cdd0efc5883f26437ddad6674699e90a19c69

SHA512
87402b57962fac15d74559c003e9880c8c4eece90767cb07138e2d0213b968acee253f0b529e846ccec5ecabb220d2029546aa494c52dc20812cfc66c057e6d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe

Filesize
184KB

MD5
3e822804c6ec911fc2259abf1ac91d94

SHA1
d1e408e31ddfc889546bc7bb8cd7e477133d3c83

SHA256
dd0135c429dc3b84602612afc80f019f0aee19bbd0360f1d5e5d084d75d0dcec

SHA512
e706776bfde0ef285df90711e10f86a3f2153d3ba01e0f05f7c844dd529e1dcd51927c070d39e56c1fb114ad39b99895b63c4891be9232594817ed7aef4606e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe

Filesize
184KB

MD5
0be6e9f808c4f7e3e72898eb0410b3ef

SHA1
b185b1777c0306c8f5006eb329e7d10b68184094

SHA256
1c66aaa09fd7451ec7b80a552f16c233db9ebdaeb983a861b4015ee3ef4a0669

SHA512
aa87a2822ad358112a212e94626d83248e5f9c2eca25312f574c45a4999918e239575432f5dae0243551e6f2d2c35a7b5c8ea315414c41b9e45e3a53f22f11df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe

Filesize
184KB

MD5
d19d50c3912e4d545570ed6c8ef1348c

SHA1
39455345da5f397272f3529b1c5714f6d10898c8

SHA256
25a7f71930c96b4704c8dd30466103a37bf33282aebac01bc5d32e7ba9cfcd6c

SHA512
c2c89314fe0e66c6b326f3739a47cb9c375fc03cc1c83eb98c8c4d8035895c0142a4483d21ef0da71381b44f8660deab203f16774b9bac92458ba168fb779cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe

Filesize
184KB

MD5
28b2617d454134407b6407df713bf39a

SHA1
adc5bf5f663d244dbf0062e44c15167beff5055a

SHA256
3c21e0d9a77563dc5429eb612128b7a9fc9433ea7072966f6b1e1bffe5d365e1

SHA512
b554173a62d904faba684573bad41cc7348328c9c9d6580ed97a6c432e5388d68bf281b3886e4b6a6f8b1b3a82aa2346560061ff16e0b2cef5ea95547260e138

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe

Filesize
184KB

MD5
417baf32a490ff0551181e707b422370

SHA1
fdb8117fb822e122d5a6f990a8a65a93d12a177a

SHA256
ec27aee239b8aa8ddb436efed02e0e9f92b0ef2690993428afa3a975607f0e91

SHA512
5609ed04b55a495ac8412c62c1d5e5fee520a4e6929d64d74d9afc2d27c10b0581a6f5919605299f92f27b644beead3899995aa6e5785c69db4d720eb2caca91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe

Filesize
184KB

MD5
4afcd66e4a1e02251be2d569904f8fb2

SHA1
dfb413108d8496a97226d0cba20144f8f710c3ad

SHA256
9f35cd17461c3596eead717593b6f85d2d25f6a579a6a5022003979c91ba4ad9

SHA512
eb90bd3d31355c8ca53d4b049d2448deb2786aaa8f49e68cb975f8da77aadb84c8494a594bce4db9bbbc87441c9f735b65bf3e482895238aaf9d4fbcbc4d0c1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56957.exe

Filesize
184KB

MD5
cddf5566b8507c61b8454fdfa9d128c0

SHA1
ba1f2930fae5d1e5ffed7d0c1176d6d2fbd0a4bb

SHA256
2ff0e7797e01b853a1c5d4c82c77597d581e39c1804a56ffab47f7fd84c07593

SHA512
574685a581c68fcd15d96e320ccdee385dcbcfc0518d6e6cd3f8152b7b22e530ef1eaeee6557ba85409616ea1679c360484232025e339137ed02731790f7ab40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe

Filesize
184KB

MD5
205d9432ab30ee16f727d7b598fe9a94

SHA1
285d7763cab080a7c6d9696cea1558c7cdc11539

SHA256
9992a28dc451155816a5de755ccb7215cdacefba262963139c8c05f8ec331d83

SHA512
72fb58f4047ad7e388c711759622de5a4ed25cd126e82df597a9923beaf3604ca8913f4075dfb3121d33b657acafd068df65339335a80ee68d19e461bfe56cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe

Filesize
184KB

MD5
57ae8bf5593716304fc8d1435d1281e0

SHA1
47bf20df8f75ee0481f8b24ae3715e61be08bb45

SHA256
b85bb118f44bc7838d1ce703cd2b3e79dec03ce89a9998caf4904847b5b5ffb7

SHA512
a44d2bf8ffc3dadbcbd1566410e16d1f96dfccc179adefa53311377a8dd89b6f061af727b3716b2a601d04c0d2b3844909e8a573346f103b1f47fec448d0099e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe

Filesize
184KB

MD5
c6160af875abf83de43054c1559a82e7

SHA1
025058dc288c9ddbf6bb7417d9ad81fdfe468400

SHA256
2d86375fe4df603e0b3228629ad190b67d945315133e0cafdca6294ed9575ed9

SHA512
90cf14e1404c7a8a99476a2549fdafb5c6c842b266126d7c2ec38a1e854d8fc5120fe29bfb9178276406a06fe7eda35c7f15ae46e5f7254504052de53d1859df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe

Filesize
184KB

MD5
95e7c4df903d3eacbe216ce0aaa2c219

SHA1
e6ad0eb03fd40e9400714496f6cf1125454bed35

SHA256
fc7422ad6902f9c98b418ee99d4e83395322b0897c946221bf6b9d4c42bc95af

SHA512
6d8eca2f26da3aa3f734a1aca13069d2f6c363160a388fc0f6eee1d932e8324ca8b27b84538a88951499a06b79a1a260bcb4d24e14f1b9694d0a6876f28393b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe

Filesize
184KB

MD5
77be8b6f3e7586c94b365efc0b4f9aaa

SHA1
e0f91a0ec16ee07edbfba7633bad46686c9d07e5

SHA256
323448f89eb37a66b6b3691710ea507b7f7830f86d2a8da7e28796ebec9abdfc

SHA512
eef38b2eca370bb18c285fc928a9ea4a49f6e528859fa6c9c30a2acdf2bf8a89cd74948c5b75eaf482ef3eb9de1c75a3f0a37b0d2c7f5173e40b0a197b5a4d38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe

Filesize
184KB

MD5
fb0da163a1dba9485ed6ae948d79a006

SHA1
dd4bc47db58f8555e5fc4fb6cd1b05a065aa0b7b

SHA256
0b44775127c9ec893b1a7c4683d492611b58cf26d41dcbcb8721a30738276da3

SHA512
dbaf378ca29342502b05945cce3a56ad63567941b631cfe7a5948a2d33511cef31301fdd7f95f2c83c33732b5d6dbb8a7fa3e9853af3448a627c77cc9f87f3b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe

Filesize
184KB

MD5
cd961645becda1a6b57073586b991963

SHA1
dec4efb86ed0adeca5087b624cca9bd2f57e8a2c

SHA256
9cee74b61f2e16b2dfd3fa2a6f3fac28a16b32775d5e4ba44ccb661648460e5c

SHA512
5382d38db6298d9897d0bd8e6507f7ecc6cd00585ab3c03751e188249c134a3fb930c4398f05c5f6ec5a86e88368d0d8ebbe9c665ccf98d586c643694a35be5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe

Filesize
184KB

MD5
3b46dab9d7067c37bfabee8ac3e71ce5

SHA1
f796274122ae79ea6dc490cee8c5ec9eac458ded

SHA256
f0a0d6f587dd8b4affe14487eeece3581a481662a43580f369ed0301bf2abff9

SHA512
8a65035fc0d3659f8dcb3cefe89f57263bb2ed4f09956bdaed4c71bb822fc175c14748e07cf5fa0f2210772985e07c038ed9bf3b8c72b635adceeca3edfc1911

Download Submit
memory/3676-297-0x0000000075920000-0x00000000759DF000-memory.dmp

Filesize
764KB

Download