347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2

Analysis

max time kernel
120s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
Size

184KB
MD5

6ba6ddb69283ce408d054634f1899390
SHA1

b5c99fb0b7bbacd79af3e1d0c420fba981c78d85
SHA256

347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2
SHA512

8484d97116338a9e512e12eb4ffbe7dd4d372ebfcf170e4a90539b8dec05233ce72e1dd4eb309314cd485368eb003dc21bcd4ecfa0c2f35cbca6e601795824a4
SSDEEP

3072:dmk9ZToHMaSCpOdgkig/8U2arlvhqnxFuN:dmcokqOdX8varl5qnxFu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 62 IoCs

pid	Process
3884	Unicorn-5016.exe
780	Unicorn-21945.exe
2788	Unicorn-50704.exe
1484	Unicorn-24745.exe
1912	Unicorn-23676.exe
4520	Unicorn-3810.exe
1544	Unicorn-4760.exe
2716	Unicorn-655.exe
5084	Unicorn-4376.exe
2352	Unicorn-37049.exe
412	Unicorn-52544.exe
2560	Unicorn-56473.exe
3108	Unicorn-36031.exe
2356	Unicorn-58777.exe
4040	Unicorn-9192.exe
1104	Unicorn-8616.exe
1124	Unicorn-8616.exe
1108	Unicorn-37951.exe
5052	Unicorn-21423.exe
3656	Unicorn-59177.exe
2444	Unicorn-39503.exe
3076	Unicorn-43033.exe
536	Unicorn-10635.exe
1396	Unicorn-39394.exe
4668	Unicorn-11320.exe
3404	Unicorn-58876.exe
2436	Unicorn-58876.exe
2192	Unicorn-9867.exe
2752	Unicorn-9867.exe
1792	Unicorn-56608.exe
2912	Unicorn-26047.exe
4612	Unicorn-9519.exe
3292	Unicorn-39193.exe
4980	Unicorn-38159.exe
4676	Unicorn-58217.exe
2332	Unicorn-41881.exe
3024	Unicorn-37775.exe
1040	Unicorn-55804.exe
3752	Unicorn-59107.exe
3452	Unicorn-32569.exe
3368	Unicorn-17577.exe
3196	Unicorn-856.exe
4424	Unicorn-49865.exe
3876	Unicorn-49865.exe
3924	Unicorn-49865.exe
64	Unicorn-16124.exe
552	Unicorn-16124.exe
620	Unicorn-29615.exe
4112	Unicorn-61411.exe
532	Unicorn-46336.exe
5016	Unicorn-46336.exe
2536	Unicorn-8744.exe
868	Unicorn-53347.exe
208	Unicorn-27577.exe
1912	Unicorn-59481.exe
2700	Unicorn-9211.exe
2204	Unicorn-56144.exe
4052	Unicorn-10472.exe
3060	Unicorn-42303.exe
4316	Unicorn-61785.exe
1468	Unicorn-57187.exe
2100	Unicorn-11515.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3656	3076	WerFault.exe	82
2508	3076	WerFault.exe	82
1396	3884	WerFault.exe	85
1624	3884	WerFault.exe	85
1320	780	WerFault.exe	88
2404	2788	WerFault.exe	89
1736	780	WerFault.exe	88
4868	2788	WerFault.exe	89
1376	1484	WerFault.exe	98
3024	1912	WerFault.exe	99
5000	1484	WerFault.exe	98
3576	1912	WerFault.exe	99
3748	1544	WerFault.exe	105
3372	1544	WerFault.exe	105
3448	2716	WerFault.exe	106
780	5084	WerFault.exe	107
4892	412	WerFault.exe	109
968	2716	WerFault.exe	106
2324	412	WerFault.exe	109
2344	5084	WerFault.exe	107
3320	3108	WerFault.exe	119
2572	3108	WerFault.exe	119
4760	1104	WerFault.exe	122
3548	4040	WerFault.exe	121
1760	1104	WerFault.exe	122
2932	1108	WerFault.exe	124
2316	4040	WerFault.exe	121
4304	1108	WerFault.exe	124
1516	3656	WerFault.exe	134
4908	3656	WerFault.exe	134
1104	3076	WerFault.exe	136
1540	536	WerFault.exe	139
2424	3404	WerFault.exe	142
2168	4668	WerFault.exe	141
1900	4612	WerFault.exe	148
5612	2912	WerFault.exe	147
5440	536	WerFault.exe	139
5708	4668	WerFault.exe	141
5756	4612	WerFault.exe	148
5944	3024	WerFault.exe	167
6124	2332	WerFault.exe	166
2412	4676	WerFault.exe	165
5720	3452	WerFault.exe	172
6908	2256	WerFault.exe	232
6948	4676	WerFault.exe	165
7056	3024	WerFault.exe	167
7152	2332	WerFault.exe	166
8044	4112	WerFault.exe	183
4620	5492	WerFault.exe	271
4308	5264	WerFault.exe	262
7752	3196	WerFault.exe	176
2472	2204	WerFault.exe	205
532	6740	WerFault.exe	354
808	4436	WerFault.exe	233
8856	4336	WerFault.exe	235
7412	5128	WerFault.exe	257
6864	4256	WerFault.exe	226
2128	2344	WerFault.exe	256
9648	5400	WerFault.exe	330
9256	6128	WerFault.exe	319
8420	6140	WerFault.exe	335
6464	5920	WerFault.exe	286
10936	6752	WerFault.exe	355
6012	7676	WerFault.exe	446

System Location Discovery: System Language Discovery 1 TTPs 62 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10472.exe

Suspicious use of SetWindowsHookEx 60 IoCs

pid	Process
3076	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
3884	Unicorn-5016.exe
780	Unicorn-21945.exe
2788	Unicorn-50704.exe
1484	Unicorn-24745.exe
1912	Unicorn-23676.exe
4520	Unicorn-3810.exe
1544	Unicorn-4760.exe
2716	Unicorn-655.exe
5084	Unicorn-4376.exe
2352	Unicorn-37049.exe
412	Unicorn-52544.exe
2560	Unicorn-56473.exe
3108	Unicorn-36031.exe
2356	Unicorn-58777.exe
4040	Unicorn-9192.exe
1124	Unicorn-8616.exe
1108	Unicorn-37951.exe
1104	Unicorn-8616.exe
5052	Unicorn-21423.exe
3656	Unicorn-59177.exe
2444	Unicorn-39503.exe
3076	Unicorn-43033.exe
536	Unicorn-10635.exe
1396	Unicorn-39394.exe
3404	Unicorn-58876.exe
2192	Unicorn-9867.exe
4668	Unicorn-11320.exe
2752	Unicorn-9867.exe
2436	Unicorn-58876.exe
2912	Unicorn-26047.exe
4612	Unicorn-9519.exe
1792	Unicorn-56608.exe
3292	Unicorn-39193.exe
4980	Unicorn-38159.exe
4676	Unicorn-58217.exe
2332	Unicorn-41881.exe
3024	Unicorn-37775.exe
1040	Unicorn-55804.exe
3752	Unicorn-59107.exe
3452	Unicorn-32569.exe
3368	Unicorn-17577.exe
3924	Unicorn-49865.exe
3196	Unicorn-856.exe
552	Unicorn-16124.exe
4424	Unicorn-49865.exe
3876	Unicorn-49865.exe
64	Unicorn-16124.exe
4112	Unicorn-61411.exe
5016	Unicorn-46336.exe
620	Unicorn-29615.exe
532	Unicorn-46336.exe
2536	Unicorn-8744.exe
868	Unicorn-53347.exe
208	Unicorn-27577.exe
1912	Unicorn-59481.exe
2700	Unicorn-9211.exe
2204	Unicorn-56144.exe
4052	Unicorn-10472.exe
3060	Unicorn-42303.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3076 wrote to memory of 3884	3076	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	85
PID 3076 wrote to memory of 3884	3076	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	85
PID 3076 wrote to memory of 3884	3076	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	85
PID 3884 wrote to memory of 780	3884	Unicorn-5016.exe	88
PID 3884 wrote to memory of 780	3884	Unicorn-5016.exe	88
PID 3884 wrote to memory of 780	3884	Unicorn-5016.exe	88
PID 3076 wrote to memory of 2788	3076	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	89
PID 3076 wrote to memory of 2788	3076	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	89
PID 3076 wrote to memory of 2788	3076	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	89
PID 780 wrote to memory of 1484	780	Unicorn-21945.exe	98
PID 780 wrote to memory of 1484	780	Unicorn-21945.exe	98
PID 780 wrote to memory of 1484	780	Unicorn-21945.exe	98
PID 2788 wrote to memory of 1912	2788	Unicorn-50704.exe	99
PID 2788 wrote to memory of 1912	2788	Unicorn-50704.exe	99
PID 2788 wrote to memory of 1912	2788	Unicorn-50704.exe	99
PID 3884 wrote to memory of 4520	3884	Unicorn-5016.exe	100
PID 3884 wrote to memory of 4520	3884	Unicorn-5016.exe	100
PID 3884 wrote to memory of 4520	3884	Unicorn-5016.exe	100
PID 1484 wrote to memory of 1544	1484	Unicorn-24745.exe	105
PID 1484 wrote to memory of 1544	1484	Unicorn-24745.exe	105
PID 1484 wrote to memory of 1544	1484	Unicorn-24745.exe	105
PID 780 wrote to memory of 2716	780	Unicorn-21945.exe	106
PID 780 wrote to memory of 2716	780	Unicorn-21945.exe	106
PID 780 wrote to memory of 2716	780	Unicorn-21945.exe	106
PID 4520 wrote to memory of 5084	4520	Unicorn-3810.exe	107
PID 4520 wrote to memory of 5084	4520	Unicorn-3810.exe	107
PID 4520 wrote to memory of 5084	4520	Unicorn-3810.exe	107
PID 1912 wrote to memory of 2352	1912	Unicorn-23676.exe	108
PID 1912 wrote to memory of 2352	1912	Unicorn-23676.exe	108
PID 1912 wrote to memory of 2352	1912	Unicorn-23676.exe	108
PID 2788 wrote to memory of 412	2788	Unicorn-50704.exe	109
PID 2788 wrote to memory of 412	2788	Unicorn-50704.exe	109
PID 2788 wrote to memory of 412	2788	Unicorn-50704.exe	109
PID 1544 wrote to memory of 2560	1544	Unicorn-4760.exe	118
PID 1544 wrote to memory of 2560	1544	Unicorn-4760.exe	118
PID 1544 wrote to memory of 2560	1544	Unicorn-4760.exe	118
PID 1484 wrote to memory of 3108	1484	Unicorn-24745.exe	119
PID 1484 wrote to memory of 3108	1484	Unicorn-24745.exe	119
PID 1484 wrote to memory of 3108	1484	Unicorn-24745.exe	119
PID 2716 wrote to memory of 2356	2716	Unicorn-655.exe	120
PID 2716 wrote to memory of 2356	2716	Unicorn-655.exe	120
PID 2716 wrote to memory of 2356	2716	Unicorn-655.exe	120
PID 5084 wrote to memory of 4040	5084	Unicorn-4376.exe	121
PID 5084 wrote to memory of 4040	5084	Unicorn-4376.exe	121
PID 5084 wrote to memory of 4040	5084	Unicorn-4376.exe	121
PID 412 wrote to memory of 1104	412	Unicorn-52544.exe	122
PID 412 wrote to memory of 1104	412	Unicorn-52544.exe	122
PID 412 wrote to memory of 1104	412	Unicorn-52544.exe	122
PID 2352 wrote to memory of 1124	2352	Unicorn-37049.exe	123
PID 2352 wrote to memory of 1124	2352	Unicorn-37049.exe	123
PID 2352 wrote to memory of 1124	2352	Unicorn-37049.exe	123
PID 4520 wrote to memory of 1108	4520	Unicorn-3810.exe	124
PID 4520 wrote to memory of 1108	4520	Unicorn-3810.exe	124
PID 4520 wrote to memory of 1108	4520	Unicorn-3810.exe	124
PID 1912 wrote to memory of 5052	1912	Unicorn-23676.exe	125
PID 1912 wrote to memory of 5052	1912	Unicorn-23676.exe	125
PID 1912 wrote to memory of 5052	1912	Unicorn-23676.exe	125
PID 2560 wrote to memory of 3656	2560	Unicorn-56473.exe	134
PID 2560 wrote to memory of 3656	2560	Unicorn-56473.exe	134
PID 2560 wrote to memory of 3656	2560	Unicorn-56473.exe	134
PID 1544 wrote to memory of 2444	1544	Unicorn-4760.exe	135
PID 1544 wrote to memory of 2444	1544	Unicorn-4760.exe	135
PID 1544 wrote to memory of 2444	1544	Unicorn-4760.exe	135
PID 3108 wrote to memory of 3076	3108	Unicorn-36031.exe	136

C:\Users\Admin\AppData\Local\Temp\347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
"C:\Users\Admin\AppData\Local\Temp\347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        10⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        11⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        12⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
        13⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        14⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51325.exe
        14⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        13⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        12⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38726.exe
        13⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        11⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        12⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        12⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        11⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
        12⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        13⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        13⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        12⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
        11⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        12⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        11⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
        12⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        12⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        10⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        11⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        11⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        9⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        10⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        11⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        11⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        12⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
        9⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        10⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
        10⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 756
        8⤵
        Program crash
        
        PID:1516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 716
        8⤵
        Program crash
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27593.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        10⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35535.exe
        10⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        11⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26767.exe
        9⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        10⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20556.exe
        11⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        10⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        11⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        12⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        11⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        9⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        10⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        11⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
        10⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10472.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        11⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        12⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        13⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        10⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        11⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        11⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
        11⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        12⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
        11⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        11⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        9⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
        11⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 716
        9⤵
        Program crash
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 736
        8⤵
        Program crash
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 736
        8⤵
        Program crash
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        9⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        10⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        11⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        10⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        8⤵
        
        PID:5040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 720
        6⤵
        Program crash
        
        PID:3748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 720
        6⤵
        Program crash
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
        10⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        11⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43378.exe
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe
        10⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        11⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        12⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        11⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        10⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        11⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44816.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        9⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        10⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        11⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        12⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        11⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        9⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        10⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 716
        8⤵
        Program crash
        
        PID:2412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 716
        8⤵
        Program crash
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        10⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        11⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        12⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        12⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        11⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        10⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        11⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        9⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        10⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        11⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
        10⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10431.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        9⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 720
        8⤵
        Program crash
        
        PID:2472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 708
        7⤵
        Program crash
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
        10⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        11⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        11⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        9⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
        10⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        11⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        9⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        10⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        10⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        9⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        9⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 624
        7⤵
        Program crash
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 624
        7⤵
        Program crash
        
        PID:7056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 752
        6⤵
        Program crash
        
        PID:3320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 752
        6⤵
        Program crash
        
        PID:2572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 736
        5⤵
        Program crash
        
        PID:1376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 736
        5⤵
        Program crash
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55804.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        11⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        12⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        13⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
        12⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        13⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        11⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        12⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        11⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        12⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        11⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        10⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        11⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        12⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
        12⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        11⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        10⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        11⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        10⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        11⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        11⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49113.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
        9⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        10⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        11⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42422.exe
        12⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        12⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        11⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
        10⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        11⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        11⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 556
        10⤵
        Program crash
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        9⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        10⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        11⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        10⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 748
        9⤵
        Program crash
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        9⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
        10⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10261.exe
        11⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        10⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4623.exe
        9⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        10⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 724
        7⤵
        Program crash
        
        PID:1540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 748
        7⤵
        Program crash
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        7⤵
        Executes dropped EXE
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
        9⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        10⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        7⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        10⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        11⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
        12⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        11⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        10⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        9⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        10⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15900.exe
        10⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        8⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        9⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        10⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        9⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        10⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 744
        7⤵
        Program crash
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41151.exe
        6⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        9⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
        10⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        10⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        9⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 652
        8⤵
        Program crash
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        9⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        9⤵
        
        PID:9940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 740
        5⤵
        Program crash
        
        PID:3448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 740
        5⤵
        Program crash
        
        PID:968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 752
      4⤵
      Program crash
      PID:1320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 752
      4⤵
      Program crash
      PID:1736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
        8⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        10⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        11⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
        12⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        11⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        10⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        11⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        11⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        9⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        11⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        11⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        10⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        9⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
        11⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        11⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        10⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 644
        10⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
        9⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36022.exe
        10⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 724
        7⤵
        Program crash
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29615.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53913.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        9⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        10⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
        11⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35964.exe
        11⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        10⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        11⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
        9⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        10⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        9⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        10⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        8⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        9⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        9⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
        8⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        9⤵
        
        PID:5776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 660
        6⤵
        Program crash
        
        PID:3548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 660
        6⤵
        Program crash
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        6⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61241.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        9⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        10⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
        11⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        11⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        10⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        9⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        10⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        10⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        8⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        9⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        10⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        9⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
        9⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        9⤵
        
        PID:6132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 652
        6⤵
        Program crash
        
        PID:1900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 660
        6⤵
        Program crash
        
        PID:5756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 720
        5⤵
        Program crash
        
        PID:780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 720
        5⤵
        Program crash
        
        PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
        10⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        11⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        11⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
        10⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
        9⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62022.exe
        10⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
        10⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        9⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        9⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        10⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        10⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        9⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        8⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
        9⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        9⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53913.exe
        6⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        10⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        9⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 748
        8⤵
        Program crash
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        9⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        9⤵
        
        PID:6064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 720
        5⤵
        Program crash
        
        PID:2932
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 752
        5⤵
        Program crash
        
        PID:4304
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 752
    3⤵
    - Program crash
    PID:1396
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 752
    3⤵
    - Program crash
    PID:1624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11320.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        11⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
        12⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13566.exe
        13⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        13⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        12⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        11⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        12⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        10⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        11⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24588.exe
        11⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        9⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        10⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        11⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25756.exe
        11⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        10⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        11⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44329.exe
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        10⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        11⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        12⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        12⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        11⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 488
        11⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
        10⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        11⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        11⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 628
        10⤵
        Program crash
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        9⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        10⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        11⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
        11⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37548.exe
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 644
        10⤵
        Program crash
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        10⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        12⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        13⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        12⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        11⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
        10⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        11⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        9⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        10⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        11⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        11⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        10⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 720
        7⤵
        Program crash
        
        PID:2168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 764
        7⤵
        Program crash
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
        7⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        9⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        10⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        11⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        11⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63350.exe
        10⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
        9⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        10⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        9⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        10⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        11⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        10⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        9⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
        8⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        9⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 636
        7⤵
        Program crash
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        9⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        10⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
        8⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        9⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        10⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
        10⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        9⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        9⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        6⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        8⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 756
        9⤵
        Program crash
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
        8⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        9⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        9⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        9⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        8⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 736
        7⤵
        Program crash
        
        PID:808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        10⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        11⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        11⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        9⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
        10⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        11⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        11⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        10⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 684
        8⤵
        Program crash
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
        9⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
        10⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40118.exe
        9⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        9⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        6⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        8⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        10⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        10⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
        9⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
        9⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        8⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        9⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        10⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        9⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
        9⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3451.exe
        6⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        9⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        10⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        10⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        9⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        10⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        9⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 632
        8⤵
        Program crash
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        8⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        8⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 628
        7⤵
        Program crash
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        8⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        9⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        9⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        8⤵
        
        PID:6572
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 724
      4⤵
      Program crash
      PID:3024
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 744
      4⤵
      Program crash
      PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4219.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        10⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        11⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59949.exe
        11⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        10⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 596
        9⤵
        Program crash
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
        8⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45180.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        9⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        10⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        10⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6158.exe
        9⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
        9⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        6⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        8⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        9⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        10⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        9⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        9⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        9⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        7⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        8⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        9⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        8⤵
        
        PID:4720
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 664
        5⤵
        Program crash
        
        PID:4760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 664
        5⤵
        Program crash
        
        PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        6⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59113.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        8⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        9⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
        9⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 636
        9⤵
        Program crash
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        8⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        9⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
        9⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        8⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        9⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        9⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
        6⤵
        
        PID:5416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 632
        6⤵
        Program crash
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        9⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        9⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15420.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        8⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56061.exe
        9⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        8⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        7⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        7⤵
        
        PID:4404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 660
        6⤵
        Program crash
        
        PID:8856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 756
        5⤵
        Program crash
        
        PID:5612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 720
      4⤵
      Program crash
      PID:4892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 772
      4⤵
      Program crash
      PID:2324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 728
    3⤵
    - Program crash
    PID:2404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 728
    3⤵
    - Program crash
    PID:4868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 736
  2⤵
  - Program crash
  PID:3656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 736
  2⤵
  - Program crash
  PID:2508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3076 -ip 3076
1⤵
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3076 -ip 3076
1⤵
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3884 -ip 3884
1⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3884 -ip 3884
1⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 780 -ip 780
1⤵
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2788 -ip 2788
1⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 780 -ip 780
1⤵
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2788 -ip 2788
1⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1484 -ip 1484
1⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1912 -ip 1912
1⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1484 -ip 1484
1⤵
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1912 -ip 1912
1⤵
PID:208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1544 -ip 1544
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1544 -ip 1544
1⤵
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2716 -ip 2716
1⤵
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5084 -ip 5084
1⤵
PID:1712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 412 -ip 412
1⤵
PID:244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2716 -ip 2716
1⤵
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 412 -ip 412
1⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5084 -ip 5084
1⤵
PID:388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3108 -ip 3108
1⤵
PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3108 -ip 3108
1⤵
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1104 -ip 1104
1⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1108 -ip 1108
1⤵
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4040 -ip 4040
1⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1104 -ip 1104
1⤵
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 4040 -ip 4040
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1108 -ip 1108
1⤵
PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3656 -ip 3656
1⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3656 -ip 3656
1⤵
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3076 -ip 3076
1⤵
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 536 -ip 536
1⤵
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3404 -ip 3404
1⤵
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4668 -ip 4668
1⤵
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4612 -ip 4612
1⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3076 -ip 3076
1⤵
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 536 -ip 536
1⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2912 -ip 2912
1⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4668 -ip 4668
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4612 -ip 4612
1⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 3024 -ip 3024
1⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4676 -ip 4676
1⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2332 -ip 2332
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 3452 -ip 3452
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3368 -ip 3368
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3876 -ip 3876
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2912 -ip 2912
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5160 -ip 5160
1⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3876 -ip 3876
1⤵
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3368 -ip 3368
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 64 -ip 64
1⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 64 -ip 64
1⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2256 -ip 2256
1⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 2256 -ip 2256
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4676 -ip 4676
1⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3024 -ip 3024
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2332 -ip 2332
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3452 -ip 3452
1⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3372 -ip 3372
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5452 -ip 5452
1⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 2100 -ip 2100
1⤵
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2536 -ip 2536
1⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 1468 -ip 1468
1⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3372 -ip 3372
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5452 -ip 5452
1⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2100 -ip 2100
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 2536 -ip 2536
1⤵
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1468 -ip 1468
1⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4080 -ip 4080
1⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 532 -ip 532
1⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5016 -ip 5016
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 3924 -ip 3924
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 400 -ip 400
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3196 -ip 3196
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4112 -ip 4112
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4424 -ip 4424
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5264 -ip 5264
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5492 -ip 5492
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5472 -ip 5472
1⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 2080 -ip 2080
1⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2056 -ip 2056
1⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 532 -ip 532
1⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1912 -ip 1912
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5016 -ip 5016
1⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 400 -ip 400
1⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3924 -ip 3924
1⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4424 -ip 4424
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5040 -ip 5040
1⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5472 -ip 5472
1⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 264 -ip 264
1⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4956 -ip 4956
1⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5416 -ip 5416
1⤵
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 2056 -ip 2056
1⤵
PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2080 -ip 2080
1⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 1912 -ip 1912
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5040 -ip 5040
1⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 264 -ip 264
1⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 868 -ip 868
1⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1964 -ip 1964
1⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4956 -ip 4956
1⤵
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 2204 -ip 2204
1⤵
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5464 -ip 5464
1⤵
PID:532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 244 -ip 244
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1624 -ip 1624
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5416 -ip 5416
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6524 -ip 6524
1⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6740 -ip 6740
1⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 868 -ip 868
1⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1964 -ip 1964
1⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5464 -ip 5464
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2204 -ip 2204
1⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 244 -ip 244
1⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5220 -ip 5220
1⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 1624 -ip 1624
1⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4304 -ip 4304
1⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1936 -ip 1936
1⤵
PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 628 -ip 628
1⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6524 -ip 6524
1⤵
PID:264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6740 -ip 6740
1⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4436 -ip 4436
1⤵
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 3196 -ip 3196
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5220 -ip 5220
1⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4304 -ip 4304
1⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 628 -ip 628
1⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1936 -ip 1936
1⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5264 -ip 5264
1⤵
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4112 -ip 4112
1⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4336 -ip 4336
1⤵
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 3136 -ip 3136
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 412 -ip 412
1⤵
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2548 -ip 2548
1⤵
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 4336 -ip 4336
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3136 -ip 3136
1⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 412 -ip 412
1⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4372 -ip 4372
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4256 -ip 4256
1⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2548 -ip 2548
1⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5728 -ip 5728
1⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5480 -ip 5480
1⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5288 -ip 5288
1⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5216 -ip 5216
1⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5396 -ip 5396
1⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5144 -ip 5144
1⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5200 -ip 5200
1⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4352 -ip 4352
1⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5020 -ip 5020
1⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2460 -ip 2460
1⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4372 -ip 4372
1⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3784 -ip 3784
1⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5164 -ip 5164
1⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 1636 -ip 1636
1⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6136 -ip 6136
1⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5280 -ip 5280
1⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5340 -ip 5340
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3404 -ip 3404
1⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5128 -ip 5128
1⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2344 -ip 2344
1⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4256 -ip 4256
1⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 3132 -ip 3132
1⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1544 -ip 1544
1⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1516 -ip 1516
1⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3076 -ip 3076
1⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5728 -ip 5728
1⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5480 -ip 5480
1⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5272 -ip 5272
1⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4756 -ip 4756
1⤵
PID:532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5200 -ip 5200
1⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5216 -ip 5216
1⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5020 -ip 5020
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5144 -ip 5144
1⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4352 -ip 4352
1⤵
PID:628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5916 -ip 5916
1⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2460 -ip 2460
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 3784 -ip 3784
1⤵
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5164 -ip 5164
1⤵
PID:3856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1636 -ip 1636
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5800 -ip 5800
1⤵
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 6136 -ip 6136
1⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5280 -ip 5280
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 3404 -ip 3404
1⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5492 -ip 5492
1⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5340 -ip 5340
1⤵
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4436 -ip 4436
1⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6404 -ip 6404
1⤵
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 5680 -ip 5680
1⤵
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 6420 -ip 6420
1⤵
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6316 -ip 6316
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6976 -ip 6976
1⤵
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 3132 -ip 3132
1⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6460 -ip 6460
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6220 -ip 6220
1⤵
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1516 -ip 1516
1⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 3076 -ip 3076
1⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1544 -ip 1544
1⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5884 -ip 5884
1⤵
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5272 -ip 5272
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 4756 -ip 4756
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5836 -ip 5836
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5576 -ip 5576
1⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 7076 -ip 7076
1⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7036 -ip 7036
1⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5916 -ip 5916
1⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5784 -ip 5784
1⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5892 -ip 5892
1⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5448 -ip 5448
1⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5800 -ip 5800
1⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6128 -ip 6128
1⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5444 -ip 5444
1⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5492 -ip 5492
1⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5816 -ip 5816
1⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6404 -ip 6404
1⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5680 -ip 5680
1⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5256 -ip 5256
1⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6180 -ip 6180
1⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5864 -ip 5864
1⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5400 -ip 5400
1⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5424 -ip 5424
1⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2716 -ip 2716
1⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5652 -ip 5652
1⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6460 -ip 6460
1⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5920 -ip 5920
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 7128 -ip 7128
1⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5436 -ip 5436
1⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5860 -ip 5860
1⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 6220 -ip 6220
1⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4900 -ip 4900
1⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4440 -ip 4440
1⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5772 -ip 5772
1⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5936 -ip 5936
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5884 -ip 5884
1⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5368 -ip 5368
1⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5836 -ip 5836
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6092 -ip 6092
1⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5576 -ip 5576
1⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7616 -ip 7616
1⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6512 -ip 6512
1⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5784 -ip 5784
1⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5448 -ip 5448
1⤵
PID:316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6128 -ip 6128
1⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5892 -ip 5892
1⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5488 -ip 5488
1⤵
PID:512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5444 -ip 5444
1⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5816 -ip 5816
1⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3344 -ip 3344
1⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7040 -ip 7040
1⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5160 -ip 5160
1⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6140 -ip 6140
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5776 -ip 5776
1⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5256 -ip 5256
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6180 -ip 6180
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5864 -ip 5864
1⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 7536 -ip 7536
1⤵
PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2716 -ip 2716
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5424 -ip 5424
1⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5652 -ip 5652
1⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5920 -ip 5920
1⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5460 -ip 5460
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7128 -ip 7128
1⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5436 -ip 5436
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7092 -ip 7092
1⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6968 -ip 6968
1⤵
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4900 -ip 4900
1⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6236 -ip 6236
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 4440 -ip 4440
1⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5772 -ip 5772
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5936 -ip 5936
1⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5368 -ip 5368
1⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6092 -ip 6092
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6512 -ip 6512
1⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 6760 -ip 6760
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6804 -ip 6804
1⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5128 -ip 5128
1⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6752 -ip 6752
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6436 -ip 6436
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6332 -ip 6332
1⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5488 -ip 5488
1⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3344 -ip 3344
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7040 -ip 7040
1⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 2344 -ip 2344
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5776 -ip 5776
1⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7536 -ip 7536
1⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5460 -ip 5460
1⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 7092 -ip 7092
1⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4772 -ip 4772
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6968 -ip 6968
1⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 9816 -ip 9816
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6236 -ip 6236
1⤵
PID:768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2000 -ip 2000
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6996 -ip 6996
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 6548 -ip 6548
1⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7084 -ip 7084
1⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 7012 -ip 7012
1⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 6532 -ip 6532
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6868 -ip 6868
1⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6052 -ip 6052
1⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6564 -ip 6564
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 7668 -ip 7668
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6252 -ip 6252
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6696 -ip 6696
1⤵
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4380 -ip 4380
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6860 -ip 6860
1⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6904 -ip 6904
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6884 -ip 6884
1⤵
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5964 -ip 5964
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 6624 -ip 6624
1⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4960 -ip 4960
1⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6636 -ip 6636
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6752 -ip 6752
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5744 -ip 5744
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4324 -ip 4324
1⤵
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4812 -ip 4812
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6456 -ip 6456
1⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6760 -ip 6760
1⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6436 -ip 6436
1⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7772 -ip 7772
1⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6356 -ip 6356
1⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6540 -ip 6540
1⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6428 -ip 6428
1⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5296 -ip 5296
1⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6984 -ip 6984
1⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 4772 -ip 4772
1⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6996 -ip 6996
1⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 2000 -ip 2000
1⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7084 -ip 7084
1⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6548 -ip 6548
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 7012 -ip 7012
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6564 -ip 6564
1⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 6052 -ip 6052
1⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 6868 -ip 6868
1⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6532 -ip 6532
1⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7676 -ip 7676
1⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 7668 -ip 7668
1⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1080 -p 6252 -ip 6252
1⤵
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4380 -ip 4380
1⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6696 -ip 6696
1⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6884 -ip 6884
1⤵
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 6904 -ip 6904
1⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 7952 -ip 7952
1⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 7708 -ip 7708
1⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6860 -ip 6860
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 7832 -ip 7832
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 5964 -ip 5964
1⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 6636 -ip 6636
1⤵
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 4960 -ip 4960
1⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 4324 -ip 4324
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 5744 -ip 5744
1⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6624 -ip 6624
1⤵
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 7584 -ip 7584
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7652 -ip 7652
1⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5400 -ip 5400
1⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6444 -ip 6444
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7740 -ip 7740
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 4812 -ip 4812
1⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7576 -ip 7576
1⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6808 -ip 6808
1⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 7888 -ip 7888
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4572 -ip 4572
1⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 6840 -ip 6840
1⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 7476 -ip 7476
1⤵
PID:768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6456 -ip 6456
1⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 7792 -ip 7792
1⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 7340 -ip 7340
1⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7944 -ip 7944
1⤵
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7864 -ip 7864
1⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 7772 -ip 7772
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 7724 -ip 7724
1⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6356 -ip 6356
1⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 6540 -ip 6540
1⤵
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 6428 -ip 6428
1⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5296 -ip 5296
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6984 -ip 6984
1⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 6140 -ip 6140
1⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 7952 -ip 7952
1⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 7860 -ip 7860
1⤵
PID:6068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe

Filesize
184KB

MD5
3273f09111d0c0429a70e3c4ed56ed97

SHA1
2dcee7a22b701c08963e89f1a1194d13ff091350

SHA256
ffb5e2af7da9b26ffe25fd9eeb8e7bd3f7e3b0d6beb33c169fbd4cd758ec59e5

SHA512
057ef8fb0fe360db0966e50619876a78efc441675b482fe27e49ae2720e2b2817bc6b80fd7c88642e986283c937343dc0e6c6d3a7b14a8dc284f3881b23d5d25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11320.exe

Filesize
184KB

MD5
6c690a1b26c8f5c0afb6152b67609968

SHA1
d6c28a6865c76ffb19d596104b3bdc8443d2f0ba

SHA256
434ff8113b2d17c1bb4ff7199da83ffc81009781749b261bf631ee760645957f

SHA512
8fa0eacc78edc01a9e30d0ce27c45bef8b1eeed1649bf4509cb78e41a7209fe54530431bd33dfafec133176c0bc041249578e163e263a1671c4fe5422444f07b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe

Filesize
184KB

MD5
76c85b1df8eff67649b7025540c67279

SHA1
b063731f6b1a758da2cd86042e6485ea7f84427e

SHA256
c8569479d43f503da0aa8478ab97f9d7b21a73985bfadffab16315567804fec1

SHA512
811238bce01ca2f134706539d065d2176acee697e1ed4f7cf484d6764594d2ac53d759803ae974bdd04076594a550cb06f79819c76f197a77ce4aaf143a856c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe

Filesize
184KB

MD5
f41284a1ba662f444e178d33d7e5c9b0

SHA1
c9bb77524f91a648e7ef81a21e8386fbaa489cd0

SHA256
7a573c1bcd02380f0557974413173cf034d33c3e4c1c731c918e5ff8757cd193

SHA512
5246c20d3409191a075f10a9b472e47b5719992ee64db42386fe0e96b8192f6fc2c2aa8c074dc1d80568d0cc7d259f006abcf7fb06a93ac7652af5e47166dce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe

Filesize
184KB

MD5
90d111f7353a4c3a83a7c422d887fe80

SHA1
7d75418faa00afb26d72b02f858602610b1d0ba5

SHA256
099a2da5199876f084e15cec113c44bb576d2e05bfae272c906c376a49204386

SHA512
3ada7bcedc2c092ed55dc57da80b504724e5393d9acc93a4207748ae666eddfd4bc24379f20bcab3ad7f6ca86259528f3921e92c4312343e784982fe2eb4f826

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe

Filesize
184KB

MD5
1df36d9f801bbb88cbaf601a56b451be

SHA1
6dc3b729380d1850ea3d16920709b6da470599dc

SHA256
10702c3a8f84bad731c815d55854630740aacccad1e1a5e39fe8ae66358bbc5e

SHA512
cbb01cecda0248a64b6b69c61941a49309dfac0adba9349f84b9f747c54f596a022adfad2322afcf3db7dcdc4a2611c9bb17c9228463d86d0311f9fe84827068

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe

Filesize
184KB

MD5
07b28aa6950168939971a9ec86409518

SHA1
158297b252b5f1d856c595a767ac735900fbe15a

SHA256
29fc28602513dd3d1f08aa82df60eb43a92079b271a12f2a5bff82a9281388b0

SHA512
fd7cb73ff3c02efaea236f5998c387cef4b7d1bed93b56d14f6a4f5c2ac53c348ffc831396087fb053e271fea886af9556f03aa85d4619447ee1baea008b6fac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe

Filesize
184KB

MD5
914320ae32c6ef2cef1c84243686eb0c

SHA1
cc2de03661803f8020f8deaa19654f0583680a31

SHA256
1889528f34a5051604faa85eeb25afec24fbbd18403c46546357a30a6a9961e1

SHA512
40381f186973bcf20ec84289cab873e49c05a505e68a247762b4b3dd842bb1ec50374fbcdb81ba313172f08d0ed03d0f68d22d3aaa309e3264088f59ab0b9d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe

Filesize
184KB

MD5
9b89191a66a1ab1f9a3e76813af13780

SHA1
96f54b67792ab558a743ed432e1a7bb522c8297d

SHA256
b0d2cbffe82a264aac9b1bb10aac7fa4a57cff2007761c3107a678231e430f97

SHA512
e1ee467bb6754110b3ddf5b6c26304de708fe14dafe9a4efc21101c64467d0fd3739fa44206c08dea2c91787cd660f513c07ab8dc6c679c2a4ee61dad7e9bd32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe

Filesize
184KB

MD5
adfc246b21cb6a38fd315f4effa12b21

SHA1
e5d9b66d21b1976aac70fc432536760437b43b8e

SHA256
c039d6766a3ded21b6049761b265e73d53459a0373eb970fac0c04f3e3d4be09

SHA512
61380e396c31200d593a34971193c90a1819a2483fa432b6e570c27ebeb49713afa5b3742d31b82e42ab279b7d4b710cb00aefd89c260a7889bed002f026ae92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe

Filesize
184KB

MD5
5b9ebac781d76e100282df00043f386e

SHA1
6ce51496d0b334a955446532d979ebcd015228bd

SHA256
ee2f165efce2d6c4ad49d987baa18d467d841ef77d0c611f60b971bba406e74e

SHA512
65eff700863032bb2cd04d2b6a76eb5404802ccb22413d7a958f90da78d7635d5a8bd86558a9b7b15f9aa3a0b990786c1f2f8b6f4e9dbd13f2f56a3cd45cab53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe

Filesize
184KB

MD5
ce4645059fd69db7b06f7cac948fbc41

SHA1
244b57b48957e21ece898b7f94e3bc3bc76a2cb2

SHA256
11ff01f674fb9d41262f5cf1b0786c49a7dae4ac0fd156f60e28971929e7cf53

SHA512
0cf3199b705fdc2396be0bab62b0975b2750fbb1f23c07fe207c12b3c8483b245b2aa1400d3db90573b3cb85e8e553238702d8e5d5db3f09e8f57d294132769b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe

Filesize
184KB

MD5
4fca9b6e158c8335e3c4dd72d229d0df

SHA1
8733dd239e2394363bab3886b4037f0e33c6c232

SHA256
b7f81691f5b07240615242edfa486ebb414b932535fd8cc6a7959fa08df6cbe3

SHA512
3d58185d0ce31d9774cb56c47160b14ea4c3b0da5529825901ed513d8108a5257c48c23b0791b5fb8789955cc78467be3ec181ecfd8d52e5067cb0af99d4d150

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe

Filesize
184KB

MD5
68166e848edc5103eed5972a16a1112c

SHA1
c806db9c62716c202218c7ac14ec9874b4af2c71

SHA256
111e3bbc7843eeb47d402b4c3e03087528bf5301b1761b6532631816e58c0b4a

SHA512
342cb23b6c7e522b4c9786f022d611e64e18161faa1970e8dfc20afd7cb7e19399d2cc6f5afb4a40fabbec5cab96c6cb0ed7e1fd22f2955a475c9d732e83903e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe

Filesize
184KB

MD5
2b8afbb8dc4791da0871080683278c92

SHA1
f498807764f2b0f5823c5de74b3d99a7261107b0

SHA256
c59dd842fa9e7be9015cfbf0cf2dfa0c7c0556c440596444b997c59bc61b27c6

SHA512
d1fa0951b11ecc3f2ffe78dbd536d1b05af355bd8d1c82451b0f8c13c45a52800fe2f96f32e1959d7768305d23376e300bd4ae0e00111dd76eb3419fbbb1b789

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe

Filesize
184KB

MD5
d173f0cb3639e5503f7f2be94b792dc9

SHA1
92b20ee52cbe2c0d2ffea2cc6f97ef75639c8f6f

SHA256
261c78b163a506556a33c7ff319b569351feaec48c9ee6d1d14278668c693adb

SHA512
ca4415e5b0f692f05a39be9b390cf03efbbd39b4f6c2cf76837461cb3b64011f126f9196d8c100e48bf63055f61ebc95ebbb795f5b83454b4c06f8db44efb21c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe

Filesize
184KB

MD5
e40fd315861cca0166dcf173f6f2f96c

SHA1
5a426b24c6813fd57e6d049ae723959447312f17

SHA256
394be8b59784f0080b20e8060978e60fe47a90246f847a315f71fc6e46403bf2

SHA512
e5e1fcc4d4ee7f1918ea5b619cae4b685545c51bae090568654f9796c97b5670736958ef95928dc43707f3645204fc2ba88778abb5632fdb33fccf43a896c552

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe

Filesize
184KB

MD5
cd519257522496b613fe033a1684d6ec

SHA1
cb3905030f132c66fcd40c994220e87c8e6d7fc7

SHA256
39165fc6f029ce6e047cc7605f34133a706e8895d74db5f2b20fc0866629ba71

SHA512
ff47a9a11c904db2b615d3da5b146e5630ead51a6d5b3a88936ad40b3586fad5e63daed056301318d50a1260bbe284a08c26345f244eae735e7570ed0bb3f229

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe

Filesize
184KB

MD5
16627ddf7db6384a7981539c4a05f0be

SHA1
84ec62599dc324ce2965ec44509f518d9bec742d

SHA256
0cbd93665bcb94a65b0c6c1ceafa90fdada94088f715084dfc57876a596b773b

SHA512
ed073a9967df91f457357814e819c986eae4bf6c8a7ebb426ebb9866562abb226c2d7d237604a5987f721b8a2d501bfe10f0a778a972783400382b050c413e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe

Filesize
184KB

MD5
9c286fbb01586eb07c457593489899de

SHA1
b8efc75b0cf1d0ceae2c22fcd915f1f63eadaf99

SHA256
deb5a84a70e66ff187d94f0bb5850e9b55e707b7c29491a57dfeda6986b454a0

SHA512
ae8e6ad19c741fa0b7213855ac23350b55d842a4c737aa6a4cbb85ee9968fa828c211ef14a4b3f6fce8dbfc222de4845fff5c62c57b7447d1f900b7940b3a4f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe

Filesize
184KB

MD5
85d38554de447a4fd14aa67cf183e17d

SHA1
6d43a17ff05bb4c37198525b27c303ce3e17a0c7

SHA256
14bc070d9878ad9ac47e6f113b049d43e222787961df4548901a3aeea3e5d2f1

SHA512
cee87e50ceefb88ccbb141131d2d83ae088cc2f461ffbd5ff8fa33d9577c7e27297ccbeacd0a21fe19e60fc43c9ee16bc4c55ea99004d8577ccb9303ff34dc36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe

Filesize
184KB

MD5
fb90e9197073e4ca2c9330914e0bd02c

SHA1
d875bfdb893d43aaba1561c3c6909a11a3c9d017

SHA256
585c8eafa97e95813600a8b0c40ede85da4686974c5f2078a1ff0d7f0a5d56dc

SHA512
74e406c8341cf418b8788c7ea397be0f4b61f9e5073193a40f0af70be14ed904b6ff97d531c28dbb2b105bc9217c8007d8d032bd602b4d7c4ca21ad2bc909dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe

Filesize
184KB

MD5
981bca1ba97a11943e5b8742d361ce65

SHA1
0068287f08a6b9c710ffa5ef3a0e6e64a9a27f38

SHA256
c4038e469e32c4f4d7170274e5e4be0fb01b297c22ce8caa37c8af2eb90aac41

SHA512
7e312ebd6360daf9112e78cf2c93ca5cfec4aabf6e9e0bb3219afb1a5365f81f888f99c76abd83c32bbddaa9ea540695f029c73aa24ffe88c06c85769a245223

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe

Filesize
184KB

MD5
f8293087a5614a869b8957ee85da8bb7

SHA1
5a121b520d6951a72a46a41405e355b9b485d334

SHA256
011a6f17890d074d817d25031b464335e86aad7156cc489756622e118013dacb

SHA512
9c3dbbbad71ca931b6abfa75ebb7aecd790e4c21ce65479fa680c6be346f351a613363569368b27f16863ff4517bd403144d978eeaa8dc4fdc6be9de762101f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe

Filesize
184KB

MD5
f43691bad244511d191d98046aba42fd

SHA1
acd85a54721d046ccf333223f26950e3ce9328cb

SHA256
dcef4de7f6f578b77d846b2e038d8fca317aad42ec000271451c228c8b218ff7

SHA512
0b02d99099cdde3f2d8dca954876c5271bcef5b144b7fce9082942ba9ceaf5cc7124e3c5066f388d85602d2e2c0c259781ff2f19f3beda27dcd1d4bd99c9ad6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe

Filesize
184KB

MD5
3c2a784ca790d57bc9a0290834fe1fd7

SHA1
b1982d51c44c655e2484bb417ec09e8f29c38e71

SHA256
0777adf160944387a2ffbeb226d69f626eaf5b8a2fcbec28800f373e7c2c7995

SHA512
31ef56001d6b44e5166422f5d18c5da69e39904381cf62fd7accd43608f2d80d5b79d69dfdd5bcdcaacf162dbc98f456db7a3529e134f5d19e51f8f1033d8049

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe

Filesize
184KB

MD5
9ff9832ddb1428d93d3a3311391b5e60

SHA1
bb402e578ef4bbdb50b854fdd6f0d76bba5a18a1

SHA256
cc565095fd41c0c393174215d8e8bbc7d0ed730627cb68c2bc61bbff15c8b0df

SHA512
b9328f011e136e7a1f65090550110cdde067bf86c1214c04d1a027bab38ab3186681a2b9c6e9e3ef8343f6fa9518d4edb0ca79eb0fdb58ce49afd4a725b73f5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe

Filesize
184KB

MD5
f48af709ad1e829b0c987a6e0111fa38

SHA1
cd8a912e4d4bf1e9832913fd4f346c3dab36e204

SHA256
ffedd5a4b69a83babc3243b14c00b89b17bac570909ad7738c29b39059f93c6a

SHA512
4fd3050a5c954732cca5ec915a093709cbbeaaf2126a7f35da6ba9efa64de9bcac3a34fe4630d2a87fcd7d4c61dc27d279bc95ec2b19226a1b82daae06c53fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe

Filesize
184KB

MD5
51a51fa4a2cbb120222c00c1fd7d78e9

SHA1
8b9bdd91a94df944bf69454a8648e78950c10f1e

SHA256
b56e48f1b9bd9c2668f57ca817e02330bb9a5c4f781a11d99269a76df5b5f815

SHA512
3e307efdacac0ac7ec40d522d8d29e6606bd0ffea39d78f5396ee1134bbdc02752d7bbd2c56e0bb7187037885e405c2a810a6d320cbf7bf6685ce304da07dab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe

Filesize
184KB

MD5
0d0632c007260aac41a84f84d4801b1d

SHA1
3cbcaddbd5de411bf9fc5a3ec6b5b37ccd575495

SHA256
170b3a4c39a003026d934a69b5fff12b5bdfa6705ebd21594d6f7f2e3705f7e7

SHA512
6e37ce36db29cd3dfa1708e7b88c8a39ca9ce0b73571e881c5b9d121cbd8d1b7ac21f2dd5d7b406c2830922a4503dda700f358963c9ea7e984b08020a6978f5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe

Filesize
184KB

MD5
8c4fef33837d6b5b7473105c6b6aba41

SHA1
3261ddef746c21623f6cb37f61b838e919c1e3cd

SHA256
8baec308ac8a2b1952b7caee86b2fdf6519c8339e79f492d5d1dacaa19e5fa57

SHA512
ecc0a434d7c1f001d6863a39ce0345a6209632db7f186ede738e3f795b9b47a0c0fb2c630985d79c4c913c93b6f36ddf6f3b93bba9e0dfc78cf11b38991739af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe

Filesize
184KB

MD5
ca5db83eb7505e6fec9a4b34f148ed26

SHA1
f32fd69f444b086eeb0e21467f68016dce9eb6e9

SHA256
83a24bc5e4477f28beb5a198ef408c9994df5c7658233376f5ca2bc285ebb7a0

SHA512
cb5657d78c29630814abe2e99f3b3a897bc8527a85afc93723f586940e3d14a93d533d3c07c0386771dfa575bce749f083806ba1f5762e2b0a4dc4cf3f953fd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe

Filesize
184KB

MD5
c43c2c4ab075a1fa34a9a5df5a159089

SHA1
badf5e1f4c084f028a088669b9c47b85626be64f

SHA256
55fe0f416650172a159e435d6c9e917f326a1abebe551e7266dbed81ce785238

SHA512
5125d23e0e6c71cf8aeafcab84b417f60ff09bc8b45e53f22cc670f51b6d854aa3af361803d9fe2545e5b9efdd97d2c891bc98f75344989ec1f54224672dfbaf

Download Submit