74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108

Analysis

max time kernel
120s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
Size

184KB
MD5

e0c376d1ee4b2d16b90e1ee104775650
SHA1

b756f24b412bdcd6a30f3e0b174ce4599c62a3b9
SHA256

74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108
SHA512

e4d2114330069c7825198ade42970bc97d29f9b03600830953250512a3f842a72879564a6a5d86f4e8e5fe8f787d6585b38e5c04594392e5d9af2e321243a240
SSDEEP

3072:ZYqbZxo3nL0Vd+TWeGUjRr3xulnniFOnf:ZYKo4z+TRjh3xulnniFO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
436	Unicorn-10774.exe
2404	Unicorn-42653.exe
4124	Unicorn-10535.exe
2112	Unicorn-37583.exe
3380	Unicorn-21801.exe
3712	Unicorn-18869.exe
2108	Unicorn-49617.exe
1116	Unicorn-52310.exe
1260	Unicorn-6638.exe
2396	Unicorn-25557.exe
4380	Unicorn-42469.exe
3828	Unicorn-41077.exe
620	Unicorn-65027.exe
4740	Unicorn-2183.exe
1168	Unicorn-10948.exe
4224	Unicorn-9557.exe
812	Unicorn-46314.exe
4796	Unicorn-33315.exe
4420	Unicorn-36007.exe
4792	Unicorn-55873.exe
3396	Unicorn-12894.exe
2076	Unicorn-12894.exe
2284	Unicorn-62650.exe
448	Unicorn-59910.exe
2380	Unicorn-14238.exe
2560	Unicorn-40689.exe
1944	Unicorn-16185.exe
5104	Unicorn-8400.exe
4652	Unicorn-11093.exe
920	Unicorn-4316.exe
2012	Unicorn-57601.exe
4348	Unicorn-41819.exe
4108	Unicorn-14622.exe
1040	Unicorn-49433.exe
4040	Unicorn-18707.exe
2432	Unicorn-51934.exe
3964	Unicorn-52147.exe
3788	Unicorn-8976.exe
2384	Unicorn-58732.exe
4160	Unicorn-58732.exe
2836	Unicorn-62261.exe
1592	Unicorn-42395.exe
4320	Unicorn-11498.exe
4344	Unicorn-6023.exe
2652	Unicorn-36003.exe
3712	Unicorn-50393.exe
2808	Unicorn-34611.exe
5048	Unicorn-46117.exe
4892	Unicorn-13999.exe
3220	Unicorn-33865.exe
2548	Unicorn-5831.exe
4092	Unicorn-29781.exe
1244	Unicorn-25697.exe
4464	Unicorn-48255.exe
2308	Unicorn-40641.exe
436	Unicorn-63200.exe
3204	Unicorn-55800.exe
2396	Unicorn-16351.exe
1528	Unicorn-65359.exe
536	Unicorn-34633.exe
372	Unicorn-26465.exe
3844	Unicorn-41409.exe
4656	Unicorn-53107.exe
2956	Unicorn-53107.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4848	1428	WerFault.exe	81
3240	436	WerFault.exe	82
4452	4124	WerFault.exe	88
3596	2404	WerFault.exe	87
3320	2112	WerFault.exe	93
3844	3380	WerFault.exe	94
5008	3712	WerFault.exe	99
1340	2108	WerFault.exe	100
3236	1260	WerFault.exe	101
2532	1116	WerFault.exe	102
3540	2396	WerFault.exe	107
876	4380	WerFault.exe	108
4032	3828	WerFault.exe	109
4172	4740	WerFault.exe	111
32	620	WerFault.exe	110
4572	1168	WerFault.exe	114
1456	4224	WerFault.exe	116
4424	812	WerFault.exe	118
2504	4796	WerFault.exe	119
1612	4792	WerFault.exe	121
5100	3396	WerFault.exe	122
2192	4420	WerFault.exe	120
2688	2380	WerFault.exe	128
4580	448	WerFault.exe	127
1204	2560	WerFault.exe	129
1316	1944	WerFault.exe	134
2044	920	WerFault.exe	139
3700	4652	WerFault.exe	138
2964	1040	WerFault.exe	143
812	2012	WerFault.exe	140
5388	3964	WerFault.exe	148
5396	3788	WerFault.exe	149
5604	2384	WerFault.exe	150
5628	4160	WerFault.exe	151
2192	4892	WerFault.exe	168
2904	3220	WerFault.exe	169
3120	5048	WerFault.exe	167
6092	2308	WerFault.exe	172
6488	3748	WerFault.exe	213
6680	4656	WerFault.exe	188
6752	3204	WerFault.exe	182
6432	5340	WerFault.exe	321
3520	5992	WerFault.exe	305
6720	5312	WerFault.exe	322
4676	1756	WerFault.exe	229
3584	5260	WerFault.exe	314
4144	2432	WerFault.exe	499
6436	2120	WerFault.exe	497
5388	2212	WerFault.exe	526
1860	6960	WerFault.exe	549
6792	6900	WerFault.exe	712
2308	2272	WerFault.exe	765
6032	1848	WerFault.exe	756
6364	6252	WerFault.exe	800
6824	1452	WerFault.exe	846
404	4452	Process not Found	840
6680	1000	Process not Found	873
6568	2532	Process not Found	882
3844	2956	WerFault.exe	845
4412	6524	WerFault.exe	842
2592	3292	Process not Found	876
2956	1136	Process not Found	940
6332	6584	Process not Found	950
2412	5420	Process not Found	872

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4316.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1428	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
436	Unicorn-10774.exe
2404	Unicorn-42653.exe
4124	Unicorn-10535.exe
2112	Unicorn-37583.exe
3380	Unicorn-21801.exe
3712	Unicorn-18869.exe
2108	Unicorn-49617.exe
1116	Unicorn-52310.exe
1260	Unicorn-6638.exe
2396	Unicorn-25557.exe
4380	Unicorn-42469.exe
3828	Unicorn-41077.exe
620	Unicorn-65027.exe
4740	Unicorn-2183.exe
1168	Unicorn-10948.exe
4224	Unicorn-9557.exe
812	Unicorn-46314.exe
4796	Unicorn-33315.exe
4420	Unicorn-36007.exe
4792	Unicorn-55873.exe
3396	Unicorn-12894.exe
2284	Unicorn-62650.exe
2076	Unicorn-12894.exe
448	Unicorn-59910.exe
2380	Unicorn-14238.exe
2560	Unicorn-40689.exe
1944	Unicorn-16185.exe
5104	Unicorn-8400.exe
4652	Unicorn-11093.exe
920	Unicorn-4316.exe
2012	Unicorn-57601.exe
4348	Unicorn-41819.exe
4040	Unicorn-18707.exe
1040	Unicorn-49433.exe
4108	Unicorn-14622.exe
2432	Unicorn-51934.exe
3964	Unicorn-52147.exe
3788	Unicorn-8976.exe
2384	Unicorn-58732.exe
4160	Unicorn-58732.exe
2836	Unicorn-62261.exe
1592	Unicorn-42395.exe
4320	Unicorn-11498.exe
4344	Unicorn-6023.exe
2652	Unicorn-36003.exe
3712	Unicorn-50393.exe
2808	Unicorn-34611.exe
5048	Unicorn-46117.exe
4892	Unicorn-13999.exe
2548	Unicorn-5831.exe
3220	Unicorn-33865.exe
436	Unicorn-63200.exe
4092	Unicorn-29781.exe
2308	Unicorn-40641.exe
4464	Unicorn-48255.exe
1244	Unicorn-25697.exe
3204	Unicorn-55800.exe
2396	Unicorn-16351.exe
1528	Unicorn-65359.exe
536	Unicorn-34633.exe
3844	Unicorn-41409.exe
372	Unicorn-26465.exe
4656	Unicorn-53107.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 436	1428	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	82
PID 1428 wrote to memory of 436	1428	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	82
PID 1428 wrote to memory of 436	1428	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	82
PID 436 wrote to memory of 2404	436	Unicorn-10774.exe	87
PID 436 wrote to memory of 2404	436	Unicorn-10774.exe	87
PID 436 wrote to memory of 2404	436	Unicorn-10774.exe	87
PID 1428 wrote to memory of 4124	1428	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	88
PID 1428 wrote to memory of 4124	1428	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	88
PID 1428 wrote to memory of 4124	1428	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	88
PID 2404 wrote to memory of 2112	2404	Unicorn-42653.exe	93
PID 2404 wrote to memory of 2112	2404	Unicorn-42653.exe	93
PID 2404 wrote to memory of 2112	2404	Unicorn-42653.exe	93
PID 436 wrote to memory of 3380	436	Unicorn-10774.exe	94
PID 436 wrote to memory of 3380	436	Unicorn-10774.exe	94
PID 436 wrote to memory of 3380	436	Unicorn-10774.exe	94
PID 4124 wrote to memory of 3712	4124	Unicorn-10535.exe	99
PID 4124 wrote to memory of 3712	4124	Unicorn-10535.exe	99
PID 4124 wrote to memory of 3712	4124	Unicorn-10535.exe	99
PID 2112 wrote to memory of 2108	2112	Unicorn-37583.exe	100
PID 2112 wrote to memory of 2108	2112	Unicorn-37583.exe	100
PID 2112 wrote to memory of 2108	2112	Unicorn-37583.exe	100
PID 3380 wrote to memory of 1260	3380	Unicorn-21801.exe	101
PID 3380 wrote to memory of 1260	3380	Unicorn-21801.exe	101
PID 3380 wrote to memory of 1260	3380	Unicorn-21801.exe	101
PID 2404 wrote to memory of 1116	2404	Unicorn-42653.exe	102
PID 2404 wrote to memory of 1116	2404	Unicorn-42653.exe	102
PID 2404 wrote to memory of 1116	2404	Unicorn-42653.exe	102
PID 3712 wrote to memory of 2396	3712	Unicorn-18869.exe	107
PID 3712 wrote to memory of 2396	3712	Unicorn-18869.exe	107
PID 3712 wrote to memory of 2396	3712	Unicorn-18869.exe	107
PID 2108 wrote to memory of 4380	2108	Unicorn-49617.exe	108
PID 2108 wrote to memory of 4380	2108	Unicorn-49617.exe	108
PID 2108 wrote to memory of 4380	2108	Unicorn-49617.exe	108
PID 2112 wrote to memory of 3828	2112	Unicorn-37583.exe	109
PID 2112 wrote to memory of 3828	2112	Unicorn-37583.exe	109
PID 2112 wrote to memory of 3828	2112	Unicorn-37583.exe	109
PID 1116 wrote to memory of 620	1116	Unicorn-52310.exe	110
PID 1116 wrote to memory of 620	1116	Unicorn-52310.exe	110
PID 1116 wrote to memory of 620	1116	Unicorn-52310.exe	110
PID 3380 wrote to memory of 4740	3380	Unicorn-21801.exe	111
PID 3380 wrote to memory of 4740	3380	Unicorn-21801.exe	111
PID 3380 wrote to memory of 4740	3380	Unicorn-21801.exe	111
PID 2396 wrote to memory of 1168	2396	Unicorn-25557.exe	114
PID 2396 wrote to memory of 1168	2396	Unicorn-25557.exe	114
PID 2396 wrote to memory of 1168	2396	Unicorn-25557.exe	114
PID 3712 wrote to memory of 4224	3712	Unicorn-18869.exe	116
PID 3712 wrote to memory of 4224	3712	Unicorn-18869.exe	116
PID 3712 wrote to memory of 4224	3712	Unicorn-18869.exe	116
PID 1260 wrote to memory of 812	1260	Unicorn-6638.exe	118
PID 1260 wrote to memory of 812	1260	Unicorn-6638.exe	118
PID 1260 wrote to memory of 812	1260	Unicorn-6638.exe	118
PID 4380 wrote to memory of 4796	4380	Unicorn-42469.exe	119
PID 4380 wrote to memory of 4796	4380	Unicorn-42469.exe	119
PID 4380 wrote to memory of 4796	4380	Unicorn-42469.exe	119
PID 2108 wrote to memory of 4420	2108	Unicorn-49617.exe	120
PID 2108 wrote to memory of 4420	2108	Unicorn-49617.exe	120
PID 2108 wrote to memory of 4420	2108	Unicorn-49617.exe	120
PID 3828 wrote to memory of 4792	3828	Unicorn-41077.exe	121
PID 3828 wrote to memory of 4792	3828	Unicorn-41077.exe	121
PID 3828 wrote to memory of 4792	3828	Unicorn-41077.exe	121
PID 4740 wrote to memory of 3396	4740	Unicorn-2183.exe	122
PID 4740 wrote to memory of 3396	4740	Unicorn-2183.exe	122
PID 4740 wrote to memory of 3396	4740	Unicorn-2183.exe	122
PID 620 wrote to memory of 2076	620	Unicorn-65027.exe	123

C:\Users\Admin\AppData\Local\Temp\74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
"C:\Users\Admin\AppData\Local\Temp\74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        11⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        12⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        13⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16533.exe
        14⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        15⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        16⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        17⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        18⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 736
        13⤵
        Program crash
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        11⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        12⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        13⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        14⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29287.exe
        10⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        11⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        12⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        13⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        14⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        15⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25739.exe
        16⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        17⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36133.exe
        10⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        11⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        12⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42433.exe
        13⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
        14⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        15⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        16⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23539.exe
        17⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        18⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        17⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        10⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 644
        11⤵
        Program crash
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
        10⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48167.exe
        11⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
        12⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        13⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37145.exe
        14⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        15⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        16⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
        17⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
        18⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        11⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        12⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
        13⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        14⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
        15⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        16⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
        17⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 760
        8⤵
        Program crash
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16735.exe
        9⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        11⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        12⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        13⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        14⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58992.exe
        15⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        16⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        17⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 636
        14⤵
        Program crash
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63491.exe
        11⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        12⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
        13⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
        14⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
        15⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        16⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        17⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        16⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        9⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        11⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        12⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        13⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
        14⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        15⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        16⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47710.exe
        10⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22179.exe
        11⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        12⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
        13⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        14⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        15⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 756
        8⤵
        Program crash
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 752
        7⤵
        Program crash
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36007.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        10⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        11⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        12⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        13⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        14⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
        15⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        16⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
        10⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        11⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        12⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        13⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        14⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        15⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        16⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        17⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
        16⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        11⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        12⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
        13⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        14⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        15⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
        16⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        17⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        16⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        9⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        10⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        11⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        12⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        13⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        14⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        15⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
        16⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        15⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 724
        8⤵
        Program crash
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11088.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        10⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        11⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        12⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
        13⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        14⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 720
        12⤵
        Program crash
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        8⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        10⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        11⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
        12⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6906.exe
        13⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        14⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 712
        7⤵
        Program crash
        
        PID:2192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 756
        6⤵
        Program crash
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41077.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55873.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57601.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        10⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27699.exe
        11⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        12⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        13⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
        14⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        15⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        16⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        17⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        18⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
        10⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        11⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        12⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        13⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        14⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        15⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        16⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        17⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        11⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        12⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        13⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        14⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
        15⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        16⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        16⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 724
        15⤵
        Program crash
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 744
        9⤵
        Program crash
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        9⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        11⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        12⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        11⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        12⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        13⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        14⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        15⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        16⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 764
        8⤵
        Program crash
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13999.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        9⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        10⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
        11⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        12⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        13⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        14⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        15⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        16⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 708
        16⤵
        Program crash
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 720
        8⤵
        Program crash
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 720
        7⤵
        Program crash
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        10⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        12⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        13⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        14⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
        15⤵
        
        PID:7104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 748
        6⤵
        Program crash
        
        PID:4032
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 752
        5⤵
        Program crash
        
        PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29371.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        10⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        11⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
        12⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        13⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        14⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
        15⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
        16⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58987.exe
        17⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        18⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        18⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55136.exe
        10⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        11⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        12⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27699.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        11⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        12⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 764
        9⤵
        Program crash
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        10⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        11⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        12⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        13⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        14⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        15⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        16⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 656
        9⤵
        Program crash
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        11⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        12⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        13⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        14⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        15⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        16⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        11⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        12⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        13⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        14⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        15⤵
        
        PID:7120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 724
        6⤵
        Program crash
        
        PID:32
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37747.exe
        11⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        12⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe
        13⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        14⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
        15⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        15⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 752
        7⤵
        Program crash
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        10⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        11⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
        12⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        13⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        14⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        15⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        9⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
        10⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        11⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        12⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
        13⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        14⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
        10⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        11⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        12⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        13⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 624
        7⤵
        Program crash
        
        PID:6092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 736
        5⤵
        Program crash
        
        PID:2532
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 660
      4⤵
      Program crash
      PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
        11⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22179.exe
        12⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
        13⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        14⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
        15⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        16⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        17⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        16⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        10⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7622.exe
        11⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        12⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
        13⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        14⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
        15⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 652
        15⤵
        Program crash
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        10⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        11⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        12⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        13⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        14⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
        15⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        16⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        10⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        11⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        12⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        13⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 752
        7⤵
        Program crash
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3221.exe
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
        11⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        12⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62905.exe
        13⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        14⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
        15⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        16⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        15⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 652
        8⤵
        Program crash
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41539.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        8⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 632
        9⤵
        Program crash
        
        PID:6432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 724
        6⤵
        Program crash
        
        PID:4424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 664
        5⤵
        Program crash
        
        PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32765.exe
        11⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        12⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        13⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        14⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
        15⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        16⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        10⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        11⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        12⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        13⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        14⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
        15⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
        16⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 724
        15⤵
        Program crash
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        9⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        10⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
        11⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        12⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        13⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        14⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        9⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        10⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        11⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
        12⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        13⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        9⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10222.exe
        11⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        12⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
        13⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        14⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        10⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        11⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        9⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42791.exe
        10⤵
        
        PID:6912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 764
        6⤵
        Program crash
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        8⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        11⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        12⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        13⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
        14⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        15⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        14⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 656
        13⤵
        Program crash
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        9⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
        11⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        12⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56491.exe
        13⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        14⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        15⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 660
        11⤵
        Program crash
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        8⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        9⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        11⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49475.exe
        12⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
        13⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        14⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 636
        13⤵
        Program crash
        
        PID:4412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 652
        5⤵
        Program crash
        
        PID:4172
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 728
      4⤵
      Program crash
      PID:3844
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 724
    3⤵
    - Program crash
    PID:3240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59433.exe
        10⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
        11⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        12⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        10⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        12⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62905.exe
        13⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
        14⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
        15⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        16⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        15⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 712
        8⤵
        Program crash
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-886.exe
        10⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        11⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
        12⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        13⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        14⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        15⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22843.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        10⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 632
        7⤵
        Program crash
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 724
        7⤵
        Program crash
        
        PID:5628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 716
        6⤵
        Program crash
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-938.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
        9⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
        11⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe
        12⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        13⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47747.exe
        14⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        15⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 616
        13⤵
        Program crash
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15447.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
        10⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        11⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 664
        9⤵
        Program crash
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        11⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        12⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        13⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        14⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
        7⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 748
        7⤵
        Program crash
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
        8⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        9⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        10⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
        11⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        12⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        13⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        14⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24509.exe
        10⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        11⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
        12⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        13⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        14⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        13⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 636
        12⤵
        Program crash
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 628
        8⤵
        Program crash
        
        PID:3520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 716
        6⤵
        Program crash
        
        PID:4580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 728
        5⤵
        Program crash
        
        PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        9⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        11⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        12⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        13⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        14⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        15⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        14⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        8⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        9⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43969.exe
        10⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
        11⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        12⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
        13⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 744
        7⤵
        Program crash
        
        PID:6752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 732
        6⤵
        Program crash
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
        9⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        11⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        12⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        13⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
        14⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
        15⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
        16⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
        15⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
        9⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        10⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        11⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        12⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        13⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        14⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        9⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14586.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11208.exe
        11⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        12⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58795.exe
        13⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        14⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        6⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        10⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        11⤵
        
        PID:2384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 652
        6⤵
        Program crash
        
        PID:5604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 740
        5⤵
        Program crash
        
        PID:1456
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 752
      4⤵
      Program crash
      PID:5008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 724
    3⤵
    - Program crash
    PID:4452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 724
  2⤵
  - Program crash
  PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1428 -ip 1428
1⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 436 -ip 436
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4124 -ip 4124
1⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2404 -ip 2404
1⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2112 -ip 2112
1⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3380 -ip 3380
1⤵
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3712 -ip 3712
1⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2108 -ip 2108
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1260 -ip 1260
1⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1116 -ip 1116
1⤵
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2396 -ip 2396
1⤵
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4380 -ip 4380
1⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3828 -ip 3828
1⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4740 -ip 4740
1⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 620 -ip 620
1⤵
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1168 -ip 1168
1⤵
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 4224 -ip 4224
1⤵
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 812 -ip 812
1⤵
PID:396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4796 -ip 4796
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4420 -ip 4420
1⤵
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4792 -ip 4792
1⤵
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3396 -ip 3396
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2284 -ip 2284
1⤵
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2076 -ip 2076
1⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 448 -ip 448
1⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 2380 -ip 2380
1⤵
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2560 -ip 2560
1⤵
PID:2504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1944 -ip 1944
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1528 -ip 1528
1⤵
PID:32

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5104 -ip 5104
1⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4652 -ip 4652
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 920 -ip 920
1⤵
PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2012 -ip 2012
1⤵
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4348 -ip 4348
1⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4040 -ip 4040
1⤵
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1040 -ip 1040
1⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4108 -ip 4108
1⤵
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2432 -ip 2432
1⤵
PID:1204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3964 -ip 3964
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3788 -ip 3788
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2384 -ip 2384
1⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4160 -ip 4160
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2836 -ip 2836
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1592 -ip 1592
1⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3308 -ip 3308
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4320 -ip 4320
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4344 -ip 4344
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2652 -ip 2652
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 3712 -ip 3712
1⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2808 -ip 2808
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3220 -ip 3220
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5048 -ip 5048
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4892 -ip 4892
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2548 -ip 2548
1⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 436 -ip 436
1⤵
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4464 -ip 4464
1⤵
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1244 -ip 1244
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4872 -ip 4872
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2308 -ip 2308
1⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 372 -ip 372
1⤵
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2396 -ip 2396
1⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4380 -ip 4380
1⤵
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3748 -ip 3748
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1572 -ip 1572
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3844 -ip 3844
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4656 -ip 4656
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4576 -ip 4576
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3204 -ip 3204
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4124 -ip 4124
1⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1956 -ip 1956
1⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3352 -ip 3352
1⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4092 -ip 4092
1⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3728 -ip 3728
1⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 536 -ip 536
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3808 -ip 3808
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5340 -ip 5340
1⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 3776 -ip 3776
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4792 -ip 4792
1⤵
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2892 -ip 2892
1⤵
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4512 -ip 4512
1⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 4904 -ip 4904
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2956 -ip 2956
1⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3152 -ip 3152
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2688 -ip 2688
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4956 -ip 4956
1⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4452 -ip 4452
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3588 -ip 3588
1⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 1184 -ip 1184
1⤵
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 1332 -ip 1332
1⤵
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5332 -ip 5332
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 636 -ip 636
1⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5520 -ip 5520
1⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 2116 -ip 2116
1⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4568 -ip 4568
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5200 -ip 5200
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5412 -ip 5412
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2036 -ip 2036
1⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1240 -ip 1240
1⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5492 -ip 5492
1⤵
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2868 -ip 2868
1⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 216 -ip 216
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4120 -ip 4120
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4500 -ip 4500
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2284 -ip 2284
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2488 -ip 2488
1⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 5420 -ip 5420
1⤵
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5708 -ip 5708
1⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5752 -ip 5752
1⤵
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2112 -ip 2112
1⤵
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5680 -ip 5680
1⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5924 -ip 5924
1⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 5428 -ip 5428
1⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5864 -ip 5864
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5500 -ip 5500
1⤵
PID:636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4508 -ip 4508
1⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4804 -ip 4804
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2724 -ip 2724
1⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2016 -ip 2016
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2504 -ip 2504
1⤵
PID:724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 3676 -ip 3676
1⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 4432 -ip 4432
1⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1456 -ip 1456
1⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1732 -ip 1732
1⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5312 -ip 5312
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1816 -ip 1816
1⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5840 -ip 5840
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5992 -ip 5992
1⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 1756 -ip 1756
1⤵
PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1316 -ip 1316
1⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6000 -ip 6000
1⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5848 -ip 5848
1⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5956 -ip 5956
1⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 1828 -ip 1828
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3372 -ip 3372
1⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4480 -ip 4480
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5248 -ip 5248
1⤵
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5508 -ip 5508
1⤵
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5692 -ip 5692
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 2980 -ip 2980
1⤵
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5444 -ip 5444
1⤵
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 1632 -ip 1632
1⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 1676 -ip 1676
1⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 3380 -ip 3380
1⤵
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1444 -ip 1444
1⤵
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5232 -ip 5232
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 3760 -ip 3760
1⤵
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5796 -ip 5796
1⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4528 -ip 4528
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 808 -ip 808
1⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5888 -ip 5888
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1884 -ip 1884
1⤵
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6308 -ip 6308
1⤵
PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 1640 -ip 1640
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2964 -ip 2964
1⤵
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6108 -ip 6108
1⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5324 -ip 5324
1⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1040 -ip 1040
1⤵
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6096 -ip 6096
1⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 6104 -ip 6104
1⤵
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5724 -ip 5724
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6124 -ip 6124
1⤵
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5360 -ip 5360
1⤵
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5936 -ip 5936
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3432 -ip 3432
1⤵
PID:1276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5832 -ip 5832
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4320 -ip 4320
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4040 -ip 4040
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3716 -ip 3716
1⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5980 -ip 5980
1⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5404 -ip 5404
1⤵
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 1792 -ip 1792
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4520 -ip 4520
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6024 -ip 6024
1⤵
PID:1112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6100 -ip 6100
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6296 -ip 6296
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5544 -ip 5544
1⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5196 -ip 5196
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5884 -ip 5884
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 4696 -ip 4696
1⤵
PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5104 -ip 5104
1⤵
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5628 -ip 5628
1⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6028 -ip 6028
1⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5260 -ip 5260
1⤵
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5972 -ip 5972
1⤵
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6896 -ip 6896
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6172 -ip 6172
1⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5920 -ip 5920
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5984 -ip 5984
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5364 -ip 5364
1⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4348 -ip 4348
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6920 -ip 6920
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6936 -ip 6936
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6928 -ip 6928
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5772 -ip 5772
1⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6228 -ip 6228
1⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6184 -ip 6184
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6800 -ip 6800
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6156 -ip 6156
1⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 4356 -ip 4356
1⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6316 -ip 6316
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5160 -ip 5160
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4464 -ip 4464
1⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6656 -ip 6656
1⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2192 -ip 2192
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2576 -ip 2576
1⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6352 -ip 6352
1⤵
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7136 -ip 7136
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 64 -ip 64
1⤵
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6116 -ip 6116
1⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6956 -ip 6956
1⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4340 -ip 4340
1⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6440 -ip 6440
1⤵
PID:396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 1940 -ip 1940
1⤵
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1956 -ip 1956
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6592 -ip 6592
1⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6168 -ip 6168
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6996 -ip 6996
1⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4396 -ip 4396
1⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6424 -ip 6424
1⤵
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 2652 -ip 2652
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6180 -ip 6180
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 4872 -ip 4872
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4248 -ip 4248
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 968 -ip 968
1⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4048 -ip 4048
1⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 6784 -ip 6784
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 4908 -ip 4908
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6648 -ip 6648
1⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 6476 -ip 6476
1⤵
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6672 -ip 6672
1⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 3564 -ip 3564
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 6152 -ip 6152
1⤵
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5900 -ip 5900
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 3020 -ip 3020
1⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 1864 -ip 1864
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 6944 -ip 6944
1⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 536 -ip 536
1⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5180 -ip 5180
1⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4792 -ip 4792
1⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2508 -ip 2508
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6868 -ip 6868
1⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 4776 -ip 4776
1⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4140 -ip 4140
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6524 -ip 6524
1⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 4076 -ip 4076
1⤵
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 2432 -ip 2432
1⤵
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2212 -ip 2212
1⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 6512 -ip 6512
1⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2120 -ip 2120
1⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6780 -ip 6780
1⤵
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5512 -ip 5512
1⤵
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4488 -ip 4488
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 2760 -ip 2760
1⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4276 -ip 4276
1⤵
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5764 -ip 5764
1⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 1000 -ip 1000
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6912 -ip 6912
1⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5424 -ip 5424
1⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 3516 -ip 3516
1⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5536 -ip 5536
1⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 7152 -ip 7152
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 5412 -ip 5412
1⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6484 -ip 6484
1⤵
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4504 -ip 4504
1⤵
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 4008 -ip 4008
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 5684 -ip 5684
1⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 3404 -ip 3404
1⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5244 -ip 5244
1⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 1944 -ip 1944
1⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 7124 -ip 7124
1⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6960 -ip 6960
1⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 3068 -ip 3068
1⤵
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2560 -ip 2560
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 6828 -ip 6828
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 1200 -ip 1200
1⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6748 -ip 6748
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5708 -ip 5708
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 3780 -ip 3780
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4788 -ip 4788
1⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4312 -ip 4312
1⤵
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3676 -ip 3676
1⤵
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5868 -ip 5868
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2392 -ip 2392
1⤵
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 1136 -ip 1136
1⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 1168 -ip 1168
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 2688 -ip 2688
1⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 2504 -ip 2504
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6044 -ip 6044
1⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 964 -ip 964
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6860 -ip 6860
1⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6568 -ip 6568
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 1436 -ip 1436
1⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 544 -ip 544
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 6000 -ip 6000
1⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1212 -p 1816 -ip 1816
1⤵
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5428 -ip 5428
1⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 4084 -ip 4084
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4508 -ip 4508
1⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6076 -ip 6076
1⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5796 -ip 5796
1⤵
PID:1832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7116 -ip 7116
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2312 -ip 2312
1⤵
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 6532 -ip 6532
1⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5904 -ip 5904
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4456 -ip 4456
1⤵
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5216 -ip 5216
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4760 -ip 4760
1⤵
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 5212 -ip 5212
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6372 -ip 6372
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 3964 -ip 3964
1⤵
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 4400 -ip 4400
1⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 1288 -ip 1288
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 6140 -ip 6140
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 4388 -ip 4388
1⤵
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 3768 -ip 3768
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 1884 -ip 1884
1⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 5296 -ip 5296
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 1340 -ip 1340
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 6376 -ip 6376
1⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 2008 -ip 2008
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5152 -ip 5152
1⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 588 -ip 588
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 5844 -ip 5844
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6212 -ip 6212
1⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3432 -ip 3432
1⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5176 -ip 5176
1⤵
PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5936 -ip 5936
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 1592 -ip 1592
1⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 2248 -ip 2248
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 5444 -ip 5444
1⤵
PID:1128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 652 -ip 652
1⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 5584 -ip 5584
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1312 -p 6204 -ip 6204
1⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6444 -ip 6444
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 6380 -ip 6380
1⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3296 -ip 3296
1⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6176 -ip 6176
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3692 -ip 3692
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3256 -ip 3256
1⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 5788 -ip 5788
1⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 5688 -ip 5688
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5880 -ip 5880
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5616 -ip 5616
1⤵
PID:732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 3260 -ip 3260
1⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7060 -ip 7060
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5840 -ip 5840
1⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 7064 -ip 7064
1⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 3488 -ip 3488
1⤵
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 2548 -ip 2548
1⤵
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1508 -ip 1508
1⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6224 -ip 6224
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5280 -ip 5280
1⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6900 -ip 6900
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 2576 -ip 2576
1⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 6836 -ip 6836
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 5480 -ip 5480
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 928 -ip 928
1⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 6096 -ip 6096
1⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4724 -ip 4724
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 2272 -ip 2272
1⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6968 -ip 6968
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5988 -ip 5988
1⤵
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 3084 -ip 3084
1⤵
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 1748 -ip 1748
1⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 1848 -ip 1848
1⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 64 -ip 64
1⤵
PID:1128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6648 -ip 6648
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 924 -ip 924
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 4340 -ip 4340
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 4824 -ip 4824
1⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 1608 -ip 1608
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4908 -ip 4908
1⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6292 -ip 6292
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 6156 -ip 6156
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 116 -ip 116
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 6252 -ip 6252
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 6824 -ip 6824
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 1244 -ip 1244
1⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6604 -ip 6604
1⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1096 -p 4172 -ip 4172
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7056 -ip 7056
1⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 2892 -ip 2892
1⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6784 -ip 6784
1⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3368 -ip 3368
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4160 -ip 4160
1⤵
PID:344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 6288 -ip 6288
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 2384 -ip 2384
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3712 -ip 3712
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5404 -ip 5404
1⤵
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 7088 -ip 7088
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 6952 -ip 6952
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1068 -p 7024 -ip 7024
1⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7076 -ip 7076
1⤵
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3076 -ip 3076
1⤵
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 1956 -ip 1956
1⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6524 -ip 6524
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 6720 -ip 6720
1⤵
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 2956 -ip 2956
1⤵
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 1452 -ip 1452
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 4452 -ip 4452
1⤵
PID:5428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe

Filesize
184KB

MD5
f2cf597c4ca8fea5a70a6fc175926896

SHA1
0180163752be12006d28530f44a24d21fb1b260c

SHA256
eec410607d06daec6201ac0d4826817967c9ecfc034ad1c4265110559733b0a0

SHA512
ef5e64223fd11a07ca84f02b669d33e38982c59ae1ae5a4b9fe404a3900b8c555a98c3f4c2954738f8c7f8b603b6451b7ad608e5203f8b5178436bb7bf827835

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe

Filesize
184KB

MD5
1eaa05ce3be4f62b8bcec1aca2a9834f

SHA1
129de8411d4b8470d1961b1f3a6effedaa0b159f

SHA256
62586fa8dd4bed3d993dcab88a30e15c56b7cd3e63348ceeac3bb809f0374a71

SHA512
305362ce3b7a56eff9b1f4f45f8382fad4a2708c0af7652a740d4f5187b9c307fe6d7160262a799c6905f1317824d687eb4cf896056709c23b7e00ce0c89f6c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe

Filesize
184KB

MD5
f60a6a42f2b81ebf076e82774e8753e4

SHA1
0241657eef0a4e1a288965831126bbefd04f5795

SHA256
7f660169aaed7d62695ad5225f321475ca26baaac3b6a3bcf75c48389aefd4e4

SHA512
7e723bc344bdfacac9cd0b70755c53e7c4e83daff98e8579c76bcff108bebe0ed2fd6504c2eddfbcea0fb64cb78899f5931b97f79cebadf93a02c0d790e4be51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe

Filesize
184KB

MD5
af76f4d7c947b088c22f396821bda4ce

SHA1
36ed7e5644f2efec0dd489f5b36a93b682a34e65

SHA256
8aff9e80d31b72f74fe94ce52183ee1c13b41c1ef6d827e469849c5ff65e5368

SHA512
85e4ac217b5a16c6ef3c9de12ec70225b465b7788b10e3711235872a3983220ef25f97b81451b72c2272a6571f7ed9d141bf8939ca856eb8c195f837113da3d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe

Filesize
184KB

MD5
0bfed11c9cd9087895686f6630285fb9

SHA1
1f9b447906b9f671c48a535ed5806a736b1dd1c5

SHA256
bc6439e2097cdf55d9fbd6735b65dbc9f5e586b60800dc6fe951531d9478582d

SHA512
959623139b4e05408aaff901392af85251f70f08b71e3a90bf63fb9b9b86247337f73a9f9d0319a9a3010789be9aae3cc8e76f1b1a461761214cb25c1710b8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe

Filesize
184KB

MD5
a03ec5b6d21c198b14660b025acd2601

SHA1
0106948f4b091bf5deeddd03657066aba7fe2bde

SHA256
a61e286db1b6347e9fe75daa2d5cd0e423f0402fc98fb810ab1bd7f43a0eb100

SHA512
9ffebbdddcbf30908b289a6a283e83fc51f2a12bf332e6ab43a4175669d257dcf57abbbd571b69e8c766135d4fab14c395c37b37c490c8c7a4b2f93848f36595

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe

Filesize
184KB

MD5
c9df1730bed70f70051db8c8c6d220be

SHA1
65e6fdfe881c78517520ce11dbf18472c7810065

SHA256
26e51b1f2213e58bd9c208f4a5856780b5a9ab2fde9599c42ec2b388f60b745f

SHA512
f7559fc00bfdfe9acb8c9de5344cbb204b28a95362e59a52cbb1738d0a00ca5754659e97d2a72c81633fcac64fd8416090c1739df086b71f793541e62cded185

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe

Filesize
184KB

MD5
872cbc62feafee9df3d277040681e5f4

SHA1
fbdf94f263fe61341fb0b024aecbc12a3fbb89f2

SHA256
dd80c4ece529716381ac6f73ea7b2a057ed75c7f4c1b920ea9cc327dd049497c

SHA512
04bbd9893636999af909723d6e4baf0a6d574401a0f32e4e65badfc139cf1a63d2d06e29dd649b1abc15d45159a92bd4ba6a22a44d50382caf1e264bea5534c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe

Filesize
184KB

MD5
b18d934802eda3893a73962f9801b5d0

SHA1
4ddd41fe2aedc3111b6a4fff15a7b7e1ad7f8f82

SHA256
e64b4849708bf2b802a2b2607c9eaab5ac3a03ce6a294e9d94112f77e28d7784

SHA512
63251b09f8f64d1eb7505ba182a0bff8e5f16cfc313e2193d281cb37d29de58e68d8dce1543c23710162e887dbf363214168652296ab55ec39faf878509f2fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe

Filesize
184KB

MD5
b1e2e503e9a9175b45060ca362f80f5d

SHA1
b3e414c8bf4bb57c6dc2013a69ba62830d1ba829

SHA256
62afe9a9e8b60bef0ce8916ceb2d8bb893357b87f9d29ddc6dd75b1cbd959540

SHA512
fa45f2a2ab9687b8b2ef9cd35170eccca82419ae30df19913b474d673f82e6c7b5a2b53ba0af65566bec061b87094d964341a51f8fa24c34f5c29ecf30f35602

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe

Filesize
184KB

MD5
d3bd46a53adad81bdcec61cfa5aa3ea2

SHA1
93e9810c713c4872c66b62ee059384fb10d390ac

SHA256
b99c76a3d5922c16515e668e577a4b89d0af53b00047d429c6467b003cfbba54

SHA512
83b076e66fd7cdc4d7c6c039c00222002adbe989061b2b1f4917d4f578a3728d56a62080bcedddc1a5f7b61742a2ea0d9ba238b3f93849d53c60df793b3de956

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe

Filesize
184KB

MD5
adac4aa813dd97a499a433960fd0139a

SHA1
25706ac098882f877cba3b5c4c08ffaf8d062fee

SHA256
aa930e826f66c018cac9dc1250864cff3b02dd11f17521447e3250b5c8e12895

SHA512
3bce581165cf0fd0e2230ec6bb4c27d0fb406f545370d5a63ae986e597cae7a776e96adb61bd06476aeab2b7725bbd5a8e43aabfe34d86c7a495246524bfbce2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe

Filesize
184KB

MD5
231eb6c5626ae3ac3c07d0842b44a58d

SHA1
22f9f92c10faf3b996f475a91f4400253e7f6fad

SHA256
55bc9e4b06f8eaa4710597e1d0f58b70251da591f952462ef90fc7969203027d

SHA512
8eec81cba0b9df24ac286214ee4ac5fd30893b10a1516263fef2938ea653bc01c653e70c60713c4ef9ba0c60ae1d40396146aa02f1622ee45ca4a66aad94273f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe

Filesize
184KB

MD5
3260d46a23470d42dd8a86faf296dd10

SHA1
41332bfe64e663af951e585ac1e7f296bf632400

SHA256
2d6c14d686bea227f621e17a444b43f63406e06493e42acb9eec2ffed81d2414

SHA512
d90670194156a9b852dee6557436ec58ebe5c5f6f8a32035585ecc62ddac25133993e19cacefb79e17b174fb359456766d45620da160ce4a65fabe551035805f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe

Filesize
184KB

MD5
e8215c6c0cce124d7f690fb8a98bcfa6

SHA1
3417500d48f9ce4d7adf89a12bf4f462a4d59337

SHA256
ed0e3ab544575a41c1723c2a8d3bb07db6081f606cdc97815f57dedb901ae5ff

SHA512
c212b2e81c0b86305042300d678295a406cde62669be47dee1bb3d4869a3e7ee1b899e49c5eff851378c1403c033d0d1d8f34d141441f985d4034a4490ec4cb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36007.exe

Filesize
184KB

MD5
9c3abcf50d2743c288d73a4786c10de0

SHA1
81bb629b6ae4d35824a439b50875ec615068e6a4

SHA256
b30de30d0f26a523c7ef4380451798e63e8980ffa878c211810a6601cf4abc47

SHA512
865a223af6871d9dd549c937953c2a4015090004d92f63d9d7140969e912c79f8b5b94c4944d79b77b9db829875dcd977911eef9290ecc398ca00b2c8e5618ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe

Filesize
184KB

MD5
86a6befa5aaa7a5de6623b7b111ade99

SHA1
5351b96c2d3d10dc4422a7074dbb2d45bfac6b15

SHA256
e0d266562b17391cc7dcae1ef3c59414f54e8cadaacc4e656f65ab70399172c9

SHA512
e800051325bdd697c525e4ed52b473b4b639778a1671b27319708367ca866db2809b6b579308a8925fefaad62a45ffc3741f1c9d5bc33af86e30d40cd889138e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe

Filesize
184KB

MD5
2dcab8775cc3786ec0f0fdfa97f1e05b

SHA1
52b88a904547592ec195245377d126a0aa3a2938

SHA256
3e88d0c8f1530e7b3f78b66d261ad149ec98aae43bad7bae1b7be138fc9dd82e

SHA512
30331446dbc85fcec3daf6e119a89f43a88e3f98cc6ebbdeb1a4a33d3bb584d8e02a8b14b32568948ea69b88d9ee4905c521ab1fd8d2d8bb2b878b2fd4c9729b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41077.exe

Filesize
184KB

MD5
dc83b052b47a40492c48955c6e831abb

SHA1
0a98ed7403fa3fce947d6f1e93b21ec328c97f89

SHA256
405f7e168218f756b9f236bdb98178ced1642d78c6cfbfb52ad1037b091b53b1

SHA512
fb5e52b4590505f035eb9780be671e61d6fc4c38d18adcac394eb5289fb85eff3c700425600dd50443b2e2455c133a0fa17a2fd4b8eb2e258bd90ece2758709f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe

Filesize
184KB

MD5
9fe6b499d1e46d6fc1629a297b6d97b6

SHA1
8c98f53e8351958a55bb3885f72b64d7c9208847

SHA256
76676d02225a9dfacf3c5b725e19e453e36b9ec2f0614ff2ddcef40064df9c01

SHA512
a40bb55b0627e4faa1b00a73d156ec35467f6b1b96dab0a9d84fe36090d9b25e3947118486c6ed53f10e26a3e97ed68fd3284a9e39c253f0402834f079194b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe

Filesize
184KB

MD5
a05870b396c131cd290b0be7a18e8b6b

SHA1
40f9be4165636c1cee15658d21847f95ef12687a

SHA256
867f6df10dcbefc0aab37aafd177e6bcab38a75aa7292c62817f82079f96ab2a

SHA512
34298a2c30ad83357a0b0fdf1e4d4e0b9445265ce9b7ca5fdd0e37cbcd15683169e061bd40044c38edf3ae9ce8c60831e9fbc51cb382aaeca9414e3469d93d82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe

Filesize
184KB

MD5
79f594b08d4f254708c5baac8bb62952

SHA1
38f1ef228195fa4197fab817a081dca474e4cfe3

SHA256
2246c05580b75a775a99559f056e23c84856cfce22b8dd287dea8348c0a0460a

SHA512
c1102fb6769fd72c6d1b520a79ed1d52ca602d292bb3bdc5be3c12626667f196bda2c278d0093674114b6b7ff4068c7ffa2259159866d9dc1d25704841993f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe

Filesize
184KB

MD5
dfbe9692c9c9740d099c48fe3adb2ab9

SHA1
c6a42820c4b365ebf9d98a44933aae33c44b0557

SHA256
8bc87b771ddcfadbeb5ef885b31101b42ea31b99f5a6c45e827ab875ccb849c5

SHA512
305232537ab89c90ab3c208bcda5a65c95d1742b297eefa8d6a49cfdc61ca42f929c04ba7b69b9390053e6947095cd965824887e31ca716cd7b139e9f7dcb165

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42879.exe

Filesize
184KB

MD5
606b50cada985679b8da6591203e9c19

SHA1
1d44e09f7a66d7610ddec70db1f5d5cb119c737a

SHA256
70b35a70b9641f8b36116139e5977cb34cd70b2e9c030f25ea26b178a6955e25

SHA512
25c0c3ff17059b1f4ae2d3630743e1568d0bcba6649ce64d9cd4574d9a0084c8085ee070f8abf4090b236b416442f8f1db9128f54300a61541b08f95dd87b050

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe

Filesize
184KB

MD5
477f3f9081c7ab3d2cc3da85e01cd3ca

SHA1
4834a2195703a11018327c0de64399a5e3b321a3

SHA256
900949995c4e8bbdabeba67dfeefc9cafc429669d880099af4a08d77e2c10d81

SHA512
36da67eb07cb0ca410276484af47fefe17bf70eea733894ba6bde7d0004d5562b1b92ed407908c0f3c94adee285ba3f383c29679ae3b1d1e34f02a7f92192b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe

Filesize
184KB

MD5
f3d9e0b89195ea43a21ecaea694e89ad

SHA1
8bd7e9ba12fca28e5365e3b2ef5e8b32c48e629c

SHA256
df0f464aa88a0a186c7efe8bf155410eb3fdf89c8fc43119c402aadf9c8fb0dc

SHA512
5faeb9d3f3e59c7e8719791e0a6203bfa6100130a83a75fbedaa7f7b30786b4438cff6d2e0c7bb8a1c29b6e2bcbc175700aa94d45b4fa3e145b24f332efa83be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe

Filesize
184KB

MD5
1d98d9699366708f40375806c18c85ab

SHA1
495919bc8649c34953b8dc2204173da506cc7ef2

SHA256
d1a36a19291a71cd1ba747c266be9b3397f24a2b8d802f603947dca007988c89

SHA512
43fd0ead052a65bb4e139eb834c84d2fd878fd1896e76d74a16c69493cd385c553477f8162b16a997e3cff82c349511765158ac476334a9e14249a91930a317d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe

Filesize
184KB

MD5
3d5210a1e361d2ecbe8a318d8d0ec4b7

SHA1
354f6e97242cd27f4881ec8f57db0c234772a824

SHA256
8dc0bcf126b7d99a0c2e91e86d6acab2c71d35b1c7f37c1bdab0c096d9ac467f

SHA512
e3b2d3bfc5b44dac1719a347e831f901df53735242699ed9349e4c272effc2b9d04a09b9fe9fd00db02a839e4f644861b890abf9c389cba660540ee96ac51e0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe

Filesize
184KB

MD5
c325da6a6c7b440f999ff21bb96ddcdf

SHA1
3130f6af5e1d341cf015c9a174a08d6d2fbf6fa0

SHA256
282d58e8533138494191c26000caf66d80cb7fa0a4d594aae43056e718d772e3

SHA512
3b8be3c19bb957bf254bde4d7ef781c50b9880936f37f80de85d4ee69595595bbbb08e1292c7d9190f33696879c94ee9f924458137b0c27466a219b36012c459

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55873.exe

Filesize
184KB

MD5
a1f6a871dd18c15bffd1fe88c6f8fd9c

SHA1
d0e7f5121691d2622e6acf1d10216e0d8ee20d32

SHA256
59ecb635c26e96a8accfbb8e2464922b2b8d3bd2dddfbb72be67f75df07635c1

SHA512
505d1557410fc9e46836cf6f00c0b3e14b43ab38308b3e011e3c47ad2571fe39c6589c3e79a7a5b38a30458fe0d5b2bbd365697653f776fa5c03f331484fd711

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe

Filesize
184KB

MD5
7b7159745fc0d673e0240046d057bc90

SHA1
337c720a3096c50da80f2b30b8f5c06a197de66f

SHA256
337e0cbe84044fbbd2ad30a54311d1ab7a341ff8e8de6df1a2498a39d8a92fca

SHA512
316f191abc3dd40c5fd7cc43d8180eb825028993f2be4e38031748df105888391b77f977f69d2a8fea9ca99e0e11e5184998962fd6cdab24ec12b91566313bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57601.exe

Filesize
184KB

MD5
b8ce3361b92817b96988d8531b4f4cdc

SHA1
0b103c486eaf1a3233bd01298ac024c3225ae4f7

SHA256
6e535b4ac496390e50483e97a752d051771f006c0145da4a0c196dc72580857d

SHA512
479b0b2005fe6539d4b2a90a291c3560f2e5de5154c441ff95d71ff21a8d9cf86a756b5e4e65b8e8e4fa5e7a786124559025617102109e914bb9fa7cbb7fbc07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe

Filesize
184KB

MD5
27ccb13b99b11809faf4f6a46221c398

SHA1
cefb422870c6f55de0450c68402e3d40009b86ec

SHA256
a3f8246750fe905b898b07419f442a95f469d8cf8a32c5e1270983a297bdf3bf

SHA512
707db9da883d3ab446c36a0492b656689c99b26ee470b6832de6b8e61bcd4c4af562f5eeef513e6beed35c83c53d437e25b5c6aefa40f025a0890b94df56ee28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe

Filesize
184KB

MD5
407a1aafae4bbfed7166f79a0c6327e7

SHA1
a8a416a29e366ce384028a3983e283b3d810b144

SHA256
3ef8674f9adca25756950d323203b04017c2a244ccd8fa4363f2ad2cc4e8028b

SHA512
cc3898c76eaea879bf8d04fc6ed4bfc2c9691858b6d3de56679b65d9366cb2077c85d86964cbe6f5178e7497dbd9fd8f01ecd2a0afe79117814edfc531665379

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe

Filesize
184KB

MD5
d01ee20616b7972a170543a12db278f1

SHA1
b02b5b4dc2569102bcbc344d9ab47ca24eebed1f

SHA256
1834160d830b995a36954ae720183ed17fdd0f7da6e253936ca73c9aebe5a570

SHA512
6a6d0b791eeb23bde89241299c91507abbb95ccbf2d2908a064ed54b49ea678ecfbf4598e5f504a671d9343aa754fc06f6f2d1e16cca9c18fdc78a0b2e6e6f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe

Filesize
184KB

MD5
34b0f617d84d0fb5fcdb57c507461a26

SHA1
eb699a4c13f3b80f4938c7275f962e477d28bf85

SHA256
7e782623c92ed29be1e9e96a42909905eb9430799e8004342d2d99d87e4a9b8d

SHA512
3a7d15945e2f795074f3e3d6767eaf26129448ef01c129ebd26fda68eb52ed6450ca12172d47494e2b2881a9360ea964210b3b6faaf52425a2844f973f1ebb53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe

Filesize
184KB

MD5
6b18ec5003d955a5b9a587f83517c3b2

SHA1
8b11e71495565fed3b5e6085235d8e1a897e28ac

SHA256
bcbcd956b691ca4f39bec508c7b9685d18a2077f62c5d13b8e8b8b7027bcfa1d

SHA512
02a7cd79c38c09bcfbabd818b4dd4d7730350cc53ad017c8dc73c0f374904d47949b06fac448e422e7bee741dcc117b4901b603887956747f959cc6a07b30edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe

Filesize
184KB

MD5
16a217fb20a34c066ff358eb7c4df0b4

SHA1
6984d15245c935ccce62b5d6f75b2c9555537b3c

SHA256
40c2feff65a55afebc5c0ead81ae5af56d317c500990a1473ea44e6eb2fa3dd5

SHA512
2d615a2575712c0ee9567afca3211292d56b0e5f1377d15db3c9ec782222380e04d325a6c705d66664bf69c4f1315b2b507c9eb9962d35fc1c2473bb41e42ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe

Filesize
184KB

MD5
7a09c4e673001394da758031140dec3e

SHA1
a345ed4b29ecb6d1a6d8c260dff5b3d8e0f9939f

SHA256
7416a6a20d63b6431f3217b9525c07059381cdc15a394e7f11a7a714f0c3720a

SHA512
0644be71ebfbabcd8977f871519922755eb71c49d86c820bdb5f331e75e095f9167fa503e85d1cdb5705ed0c0b806b0b1a0d6994f322efbc7962dd3fb58db248

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe

Filesize
184KB

MD5
f90c08d37bfbc8fdc356abe91b24752e

SHA1
c7365cd35f450c48c43a2544aa1d16cb0e643ce1

SHA256
6a88a60f57a6a69a3e2d6fed11c44eb0f2c71e8aaa9d506749aee4949fe2789b

SHA512
6da1f0467ed4d6759909992ee0993bd4470cf81dec39fc35ee6d97589ef1fa3fc6d38b0a1eb4c85790174990eba4e807ab03ec7a819fe8203bfedf0a319d20da

Download Submit