58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7

Analysis

max time kernel
120s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe
Size

468KB
MD5

99f8aefe4f1ec4febac458083cdd4120
SHA1

3ea1b7e62dd4572fcf7a9985e90677667d24e5d6
SHA256

58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7
SHA512

f0722c4e99772342046fd0bae47df548f609114c4024b3952cb00850a90ad854803d5f557da24eb364ab315df36ab22b73073656144c90b56ae233b80e82d796
SSDEEP

3072:BqobogCdj08U2bYBPz59ff8/5CK3IXpInmHewVpfck03uk6eGzlV:BqIoh5U2iP19ffP5SCck6L6eG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 55 IoCs

pid	Process
3460	Unicorn-51193.exe
4508	Unicorn-38521.exe
3052	Unicorn-34799.exe
2604	Unicorn-651.exe
3932	Unicorn-16111.exe
1684	Unicorn-61782.exe
4260	Unicorn-19007.exe
3292	Unicorn-32882.exe
4192	Unicorn-3355.exe
2960	Unicorn-35836.exe
936	Unicorn-14901.exe
4032	Unicorn-37855.exe
4548	Unicorn-35202.exe
2640	Unicorn-55068.exe
4884	Unicorn-7102.exe
848	Unicorn-40844.exe
4940	Unicorn-57372.exe
4344	Unicorn-3381.exe
2404	Unicorn-41327.exe
1512	Unicorn-54627.exe
2368	Unicorn-43932.exe
1104	Unicorn-27020.exe
4284	Unicorn-6085.exe
4900	Unicorn-28940.exe
3348	Unicorn-41746.exe
2360	Unicorn-61612.exe
2592	Unicorn-24149.exe
4708	Unicorn-44015.exe
3188	Unicorn-44015.exe
3636	Unicorn-56630.exe
2500	Unicorn-37871.exe
680	Unicorn-51555.exe
3276	Unicorn-37103.exe
4400	Unicorn-22879.exe
3920	Unicorn-36370.exe
3696	Unicorn-55852.exe
2732	Unicorn-29820.exe
2904	Unicorn-59155.exe
2836	Unicorn-45580.exe
856	Unicorn-9186.exe
2708	Unicorn-31823.exe
3452	Unicorn-49036.exe
2320	Unicorn-65180.exe
5032	Unicorn-47583.exe
1228	Unicorn-47583.exe
4964	Unicorn-11874.exe
1636	Unicorn-58268.exe
1680	Unicorn-24828.exe
4100	Unicorn-24444.exe
4520	Unicorn-53779.exe
2316	Unicorn-22991.exe
1468	Unicorn-38869.exe
2268	Unicorn-38869.exe
4320	Unicorn-25679.exe
1536	Unicorn-25980.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3064	2988	WerFault.exe	81
4240	2988	WerFault.exe	81
3056	3460	WerFault.exe	82
4900	3460	WerFault.exe	82
4388	4508	WerFault.exe	85
5052	3052	WerFault.exe	86
2820	4508	WerFault.exe	85
1636	3052	WerFault.exe	86
3368	2604	WerFault.exe	94
3696	1684	WerFault.exe	96
552	2604	WerFault.exe	94
4544	3932	WerFault.exe	95
2144	1684	WerFault.exe	96
4980	3932	WerFault.exe	95
1600	4260	WerFault.exe	104
4772	3292	WerFault.exe	105
4680	4260	WerFault.exe	104
3316	3292	WerFault.exe	105
4232	936	WerFault.exe	108
940	2960	WerFault.exe	107
3944	936	WerFault.exe	108
3328	2960	WerFault.exe	107
3068	4032	WerFault.exe	117
3512	4032	WerFault.exe	117
404	4548	WerFault.exe	118
3052	4548	WerFault.exe	118
4680	2640	WerFault.exe	119
4568	848	WerFault.exe	121
1964	4884	WerFault.exe	120
2116	4344	WerFault.exe	123
4812	2640	WerFault.exe	119
1608	1104	WerFault.exe	139
4364	2368	WerFault.exe	138
2728	4884	WerFault.exe	120
2384	2404	WerFault.exe	136
5292	4708	WerFault.exe	145
888	2732	WerFault.exe	170
4364	4100	WerFault.exe	193
6040	3452	WerFault.exe	177
7000	2836	WerFault.exe	173
6740	1608	WerFault.exe	329
7560	5852	WerFault.exe	290
7440	984	WerFault.exe	237
2640	5288	WerFault.exe	308
7420	5508	WerFault.exe	321
836	5584	WerFault.exe	319
7636	3012	WerFault.exe	266
7684	3720	WerFault.exe	305
2368	5308	WerFault.exe	313
8008	5460	WerFault.exe	345
8036	5428	WerFault.exe	317
4700	984	WerFault.exe	237
4532	5416	WerFault.exe	352
7500	3204	WerFault.exe	227
6512	4320	WerFault.exe	200
8060	1248	WerFault.exe	365
1736	3652	WerFault.exe	336
7692	4372	WerFault.exe	362
888	4404	WerFault.exe	226
4680	5820	WerFault.exe	330
6572	5420	WerFault.exe	316
7588	4612	WerFault.exe	337
5536	5568	WerFault.exe	344
7952	6056	WerFault.exe	332

System Location Discovery: System Language Discovery 1 TTPs 56 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58268.exe

Suspicious use of SetWindowsHookEx 54 IoCs

pid	Process
2988	58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe
3460	Unicorn-51193.exe
4508	Unicorn-38521.exe
3052	Unicorn-34799.exe
2604	Unicorn-651.exe
1684	Unicorn-61782.exe
3932	Unicorn-16111.exe
4260	Unicorn-19007.exe
3292	Unicorn-32882.exe
4192	Unicorn-3355.exe
936	Unicorn-14901.exe
2960	Unicorn-35836.exe
4032	Unicorn-37855.exe
4548	Unicorn-35202.exe
2640	Unicorn-55068.exe
848	Unicorn-40844.exe
4884	Unicorn-7102.exe
4940	Unicorn-57372.exe
4344	Unicorn-3381.exe
2404	Unicorn-41327.exe
1512	Unicorn-54627.exe
2368	Unicorn-43932.exe
1104	Unicorn-27020.exe
4284	Unicorn-6085.exe
4900	Unicorn-28940.exe
3348	Unicorn-41746.exe
3636	Unicorn-56630.exe
2592	Unicorn-24149.exe
4708	Unicorn-44015.exe
2360	Unicorn-61612.exe
3188	Unicorn-44015.exe
680	Unicorn-51555.exe
2500	Unicorn-37871.exe
3276	Unicorn-37103.exe
4400	Unicorn-22879.exe
3920	Unicorn-36370.exe
3696	Unicorn-55852.exe
2904	Unicorn-59155.exe
2732	Unicorn-29820.exe
2836	Unicorn-45580.exe
856	Unicorn-9186.exe
2708	Unicorn-31823.exe
3452	Unicorn-49036.exe
2320	Unicorn-65180.exe
1228	Unicorn-47583.exe
5032	Unicorn-47583.exe
4964	Unicorn-11874.exe
1636	Unicorn-58268.exe
1680	Unicorn-24828.exe
4100	Unicorn-24444.exe
4520	Unicorn-53779.exe
2316	Unicorn-22991.exe
1468	Unicorn-38869.exe
4320	Unicorn-25679.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 3460	2988	58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe	82
PID 2988 wrote to memory of 3460	2988	58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe	82
PID 2988 wrote to memory of 3460	2988	58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe	82
PID 3460 wrote to memory of 4508	3460	Unicorn-51193.exe	85
PID 3460 wrote to memory of 4508	3460	Unicorn-51193.exe	85
PID 3460 wrote to memory of 4508	3460	Unicorn-51193.exe	85
PID 2988 wrote to memory of 3052	2988	58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe	86
PID 2988 wrote to memory of 3052	2988	58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe	86
PID 2988 wrote to memory of 3052	2988	58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe	86
PID 4508 wrote to memory of 2604	4508	Unicorn-38521.exe	94
PID 4508 wrote to memory of 2604	4508	Unicorn-38521.exe	94
PID 4508 wrote to memory of 2604	4508	Unicorn-38521.exe	94
PID 3052 wrote to memory of 3932	3052	Unicorn-34799.exe	95
PID 3052 wrote to memory of 3932	3052	Unicorn-34799.exe	95
PID 3052 wrote to memory of 3932	3052	Unicorn-34799.exe	95
PID 3460 wrote to memory of 1684	3460	Unicorn-51193.exe	96
PID 3460 wrote to memory of 1684	3460	Unicorn-51193.exe	96
PID 3460 wrote to memory of 1684	3460	Unicorn-51193.exe	96
PID 2604 wrote to memory of 4260	2604	Unicorn-651.exe	104
PID 2604 wrote to memory of 4260	2604	Unicorn-651.exe	104
PID 2604 wrote to memory of 4260	2604	Unicorn-651.exe	104
PID 4508 wrote to memory of 3292	4508	Unicorn-38521.exe	105
PID 4508 wrote to memory of 3292	4508	Unicorn-38521.exe	105
PID 4508 wrote to memory of 3292	4508	Unicorn-38521.exe	105
PID 1684 wrote to memory of 4192	1684	Unicorn-61782.exe	106
PID 1684 wrote to memory of 4192	1684	Unicorn-61782.exe	106
PID 1684 wrote to memory of 4192	1684	Unicorn-61782.exe	106
PID 3932 wrote to memory of 2960	3932	Unicorn-16111.exe	107
PID 3932 wrote to memory of 2960	3932	Unicorn-16111.exe	107
PID 3932 wrote to memory of 2960	3932	Unicorn-16111.exe	107
PID 3052 wrote to memory of 936	3052	Unicorn-34799.exe	108
PID 3052 wrote to memory of 936	3052	Unicorn-34799.exe	108
PID 3052 wrote to memory of 936	3052	Unicorn-34799.exe	108
PID 4260 wrote to memory of 4032	4260	Unicorn-19007.exe	117
PID 4260 wrote to memory of 4032	4260	Unicorn-19007.exe	117
PID 4260 wrote to memory of 4032	4260	Unicorn-19007.exe	117
PID 2604 wrote to memory of 4548	2604	Unicorn-651.exe	118
PID 2604 wrote to memory of 4548	2604	Unicorn-651.exe	118
PID 2604 wrote to memory of 4548	2604	Unicorn-651.exe	118
PID 3292 wrote to memory of 2640	3292	Unicorn-32882.exe	119
PID 3292 wrote to memory of 2640	3292	Unicorn-32882.exe	119
PID 3292 wrote to memory of 2640	3292	Unicorn-32882.exe	119
PID 936 wrote to memory of 4884	936	Unicorn-14901.exe	120
PID 936 wrote to memory of 4884	936	Unicorn-14901.exe	120
PID 936 wrote to memory of 4884	936	Unicorn-14901.exe	120
PID 2960 wrote to memory of 848	2960	Unicorn-35836.exe	121
PID 2960 wrote to memory of 848	2960	Unicorn-35836.exe	121
PID 2960 wrote to memory of 848	2960	Unicorn-35836.exe	121
PID 4192 wrote to memory of 4940	4192	Unicorn-3355.exe	122
PID 4192 wrote to memory of 4940	4192	Unicorn-3355.exe	122
PID 4192 wrote to memory of 4940	4192	Unicorn-3355.exe	122
PID 1684 wrote to memory of 4344	1684	Unicorn-61782.exe	123
PID 1684 wrote to memory of 4344	1684	Unicorn-61782.exe	123
PID 1684 wrote to memory of 4344	1684	Unicorn-61782.exe	123
PID 4032 wrote to memory of 2404	4032	Unicorn-37855.exe	136
PID 4032 wrote to memory of 2404	4032	Unicorn-37855.exe	136
PID 4032 wrote to memory of 2404	4032	Unicorn-37855.exe	136
PID 4260 wrote to memory of 1512	4260	Unicorn-19007.exe	137
PID 4260 wrote to memory of 1512	4260	Unicorn-19007.exe	137
PID 4260 wrote to memory of 1512	4260	Unicorn-19007.exe	137
PID 4548 wrote to memory of 2368	4548	Unicorn-35202.exe	138
PID 4548 wrote to memory of 2368	4548	Unicorn-35202.exe	138
PID 4548 wrote to memory of 2368	4548	Unicorn-35202.exe	138
PID 2640 wrote to memory of 1104	2640	Unicorn-55068.exe	139

C:\Users\Admin\AppData\Local\Temp\58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe
"C:\Users\Admin\AppData\Local\Temp\58590b28d2187be0a21deb516f802f90e1f5af5aa551e2e852416599751aa1b7N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51193.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51193.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
        10⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        11⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        12⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        13⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        14⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
        15⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        16⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        17⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        18⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        19⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 648
        13⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        11⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        12⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        13⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        14⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        15⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        16⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        17⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38191.exe
        18⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 632
        13⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14210.exe
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        11⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        12⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        13⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 612
        14⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 636
        13⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 684
        12⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        11⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
        12⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        13⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10990.exe
        14⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        15⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        16⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17900.exe
        17⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        18⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 720
        13⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 628
        12⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        10⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31215.exe
        11⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        12⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
        13⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        14⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        15⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        16⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        17⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 608
        12⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        9⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
        10⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        11⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        12⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        13⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
        14⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 636
        13⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 648
        12⤵
        Program crash
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
        10⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
        11⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        12⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        13⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        14⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55644.exe
        15⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        16⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        17⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 624
        12⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 660
        11⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 668
        10⤵
        Program crash
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 668
        10⤵
        Program crash
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 708
        8⤵
        Program crash
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21756.exe
        9⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        10⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        11⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
        12⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3867.exe
        13⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        14⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        10⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        11⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        12⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        13⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        14⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        15⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        16⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        17⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 640
        12⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        10⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
        11⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        12⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30508.exe
        13⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
        14⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48291.exe
        15⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        16⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 752
        10⤵
        Program crash
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        8⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4491.exe
        10⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        11⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        12⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        13⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        14⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        15⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        16⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        17⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 752
        12⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 636
        11⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 756
        7⤵
        Program crash
        
        PID:3068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 756
        7⤵
        Program crash
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        10⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
        11⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51391.exe
        12⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
        13⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 736
        13⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 664
        12⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        11⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3867.exe
        12⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        13⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        14⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        15⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        16⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
        17⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
        18⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 716
        11⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 720
        10⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 720
        9⤵
        Program crash
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        10⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        11⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        12⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        13⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        14⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        15⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        16⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        17⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 624
        12⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 728
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 696
        10⤵
        Program crash
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
        10⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        11⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45484.exe
        12⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 664
        12⤵
        
        PID:11220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 728
        6⤵
        Program crash
        
        PID:1600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 764
        6⤵
        Program crash
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22991.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        10⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        11⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
        12⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        13⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        14⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 484
        12⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15711.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        11⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        12⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        13⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        14⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
        15⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        16⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        17⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 636
        12⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 648
        11⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47132.exe
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        9⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        10⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 608
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 768
        7⤵
        Program crash
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        8⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
        10⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31215.exe
        11⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        12⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        13⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        14⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        15⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        16⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        17⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 616
        11⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
        9⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        10⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 660
        10⤵
        
        PID:888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 708
        9⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 624
        8⤵
        Program crash
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25429.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        9⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        11⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        12⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55644.exe
        13⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        14⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
        15⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 636
        10⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 724
        9⤵
        Program crash
        
        PID:6572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 720
        6⤵
        Program crash
        
        PID:404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 716
        6⤵
        Program crash
        
        PID:3052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 724
        5⤵
        Program crash
        
        PID:3368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 724
        5⤵
        Program crash
        
        PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        10⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        12⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
        13⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        14⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        15⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        16⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        17⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
        18⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 636
        13⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 648
        12⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 724
        11⤵
        Program crash
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
        10⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
        11⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
        12⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        13⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        14⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        15⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
        16⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 732
        12⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 652
        11⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        10⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
        11⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        12⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        13⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        14⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        15⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        16⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        17⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 632
        12⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 660
        11⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 744
        10⤵
        Program crash
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        7⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        8⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        9⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
        10⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
        11⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        12⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
        13⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8238.exe
        14⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        15⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        16⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        17⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 712
        11⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 628
        10⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 764
        7⤵
        Program crash
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59155.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        8⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
        10⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        11⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
        12⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        13⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        14⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 696
        11⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 608
        10⤵
        
        PID:8884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 720
        6⤵
        Program crash
        
        PID:4680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 720
        6⤵
        Program crash
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46835.exe
        11⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 720
        12⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 628
        11⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 768
        7⤵
        Program crash
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        6⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        7⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
        8⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
        9⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        12⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        13⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        14⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        15⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        16⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 708
        11⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 724
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 636
        9⤵
        Program crash
        
        PID:7420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 720
        5⤵
        Program crash
        
        PID:4772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 720
        5⤵
        Program crash
        
        PID:3316
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 708
      4⤵
      Program crash
      PID:4388
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 708
      4⤵
      Program crash
      PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20319.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        9⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
        11⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 632
        12⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 716
        10⤵
        Program crash
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        10⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        11⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        12⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        13⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        14⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        15⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        16⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 644
        11⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 636
        10⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 668
        9⤵
        Program crash
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19596.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
        10⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
        11⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        12⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        13⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        14⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        15⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 664
        11⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 664
        11⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 724
        10⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 648
        9⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
        10⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        11⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        12⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        13⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        14⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        15⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        16⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        17⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 744
        11⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 652
        10⤵
        Program crash
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        9⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        10⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        11⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        12⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        13⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
        14⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        15⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 720
        10⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 628
        8⤵
        Program crash
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        8⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 604
        9⤵
        Program crash
        
        PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56108.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        12⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        13⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        14⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
        15⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        16⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18892.exe
        17⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 656
        11⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        9⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
        10⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        11⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        12⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        13⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        14⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        15⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
        16⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 636
        12⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 652
        10⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 712
        9⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        8⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
        9⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        11⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        12⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        13⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        14⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
        15⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 704
        10⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 640
        9⤵
        Program crash
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        9⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        10⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        11⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        12⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        13⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        14⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 600
        10⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 636
        8⤵
        Program crash
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31900.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58143.exe
        10⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
        11⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 752
        10⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 688
        9⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        8⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        9⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
        10⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        11⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        12⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        13⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
        14⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 636
        8⤵
        
        PID:9264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 768
        6⤵
        Program crash
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-898.exe
        9⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        10⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        11⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        12⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        13⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        14⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
        15⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 624
        10⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 744
        9⤵
        
        PID:9436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 664
        5⤵
        Program crash
        
        PID:2116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 752
      4⤵
      Program crash
      PID:3696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 788
      4⤵
      Program crash
      PID:2144
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 736
    3⤵
    - Program crash
    PID:3056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 748
    3⤵
    - Program crash
    PID:4900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        9⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        12⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51836.exe
        13⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41404.exe
        14⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 596
        12⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 660
        11⤵
        Program crash
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
        10⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
        12⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        13⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        14⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        15⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe
        16⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 712
        12⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 696
        11⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 636
        10⤵
        Program crash
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 636
        10⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 540
        9⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 716
        8⤵
        Program crash
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56271.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        11⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17903.exe
        12⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        13⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        14⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
        15⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 660
        11⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 628
        10⤵
        Program crash
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        10⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
        11⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        12⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        13⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        14⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        15⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        16⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 636
        11⤵
        
        PID:9136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 760
        6⤵
        Program crash
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31839.exe
        7⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        9⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        10⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
        11⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        12⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        13⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        14⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        15⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
        16⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 648
        11⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        9⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
        10⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        11⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        12⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        13⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        14⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 696
        10⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 608
        9⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
        6⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        9⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
        10⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        11⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        12⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        13⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 664
        11⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 652
        10⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 656
        9⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        10⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        11⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        12⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        13⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 636
        8⤵
        
        PID:9288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 744
        5⤵
        Program crash
        
        PID:940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 744
        5⤵
        Program crash
        
        PID:3328
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 724
      4⤵
      Program crash
      PID:4544
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 748
      4⤵
      Program crash
      PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50287.exe
        7⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        9⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        10⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        11⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
        12⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        13⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        14⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        15⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 632
        11⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        6⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        9⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62303.exe
        11⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        12⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        13⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        14⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
        15⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        16⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 624
        9⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 656
        8⤵
        Program crash
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        7⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 652
        7⤵
        Program crash
        
        PID:888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 708
        5⤵
        Program crash
        
        PID:1964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 772
        5⤵
        Program crash
        
        PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
        6⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        9⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        10⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        11⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        12⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        13⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
        14⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
        15⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 636
        10⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 700
        9⤵
        Program crash
        
        PID:7588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 744
        6⤵
        Program crash
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4091.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        9⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        10⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        11⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        12⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        13⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        14⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 636
        9⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 600
        8⤵
        Program crash
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        8⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 624
        7⤵
        
        PID:10060
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 636
      4⤵
      Program crash
      PID:4232
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 636
      4⤵
      Program crash
      PID:3944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 752
    3⤵
    - Program crash
    PID:5052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 752
    3⤵
    - Program crash
    PID:1636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 740
  2⤵
  - Program crash
  PID:3064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 768
  2⤵
  - Program crash
  PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2988 -ip 2988
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2988 -ip 2988
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3460 -ip 3460
1⤵
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3460 -ip 3460
1⤵
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4508 -ip 4508
1⤵
PID:3068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3052 -ip 3052
1⤵
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4508 -ip 4508
1⤵
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3052 -ip 3052
1⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2604 -ip 2604
1⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1684 -ip 1684
1⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2604 -ip 2604
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3932 -ip 3932
1⤵
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1684 -ip 1684
1⤵
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3932 -ip 3932
1⤵
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4260 -ip 4260
1⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3292 -ip 3292
1⤵
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4260 -ip 4260
1⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3292 -ip 3292
1⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 936 -ip 936
1⤵
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2960 -ip 2960
1⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4192 -ip 4192
1⤵
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4192 -ip 4192
1⤵
PID:1608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 936 -ip 936
1⤵
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2960 -ip 2960
1⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4032 -ip 4032
1⤵
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4032 -ip 4032
1⤵
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4548 -ip 4548
1⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4548 -ip 4548
1⤵
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2640 -ip 2640
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 848 -ip 848
1⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4884 -ip 4884
1⤵
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4940 -ip 4940
1⤵
PID:1568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4344 -ip 4344
1⤵
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4940 -ip 4940
1⤵
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2640 -ip 2640
1⤵
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2404 -ip 2404
1⤵
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1512 -ip 1512
1⤵
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2368 -ip 2368
1⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1104 -ip 1104
1⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2404 -ip 2404
1⤵
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2368 -ip 2368
1⤵
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4884 -ip 4884
1⤵
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 848 -ip 848
1⤵
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4284 -ip 4284
1⤵
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2592 -ip 2592
1⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1512 -ip 1512
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3188 -ip 3188
1⤵
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4344 -ip 4344
1⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4708 -ip 4708
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3348 -ip 3348
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4900 -ip 4900
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4284 -ip 4284
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 2592 -ip 2592
1⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3636 -ip 3636
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2360 -ip 2360
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3188 -ip 3188
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4708 -ip 4708
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 2732 -ip 2732
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2904 -ip 2904
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 3348 -ip 3348
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4900 -ip 4900
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3636 -ip 3636
1⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2360 -ip 2360
1⤵
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 680 -ip 680
1⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3920 -ip 3920
1⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 856 -ip 856
1⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1104 -ip 1104
1⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2904 -ip 2904
1⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4400 -ip 4400
1⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2732 -ip 2732
1⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2500 -ip 2500
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3696 -ip 3696
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3276 -ip 3276
1⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 3452 -ip 3452
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1228 -ip 1228
1⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 4964 -ip 4964
1⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5032 -ip 5032
1⤵
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2836 -ip 2836
1⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 680 -ip 680
1⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4100 -ip 4100
1⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 3920 -ip 3920
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4520 -ip 4520
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 856 -ip 856
1⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2316 -ip 2316
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1468 -ip 1468
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 1536 -ip 1536
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2708 -ip 2708
1⤵
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2268 -ip 2268
1⤵
PID:2120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 3904 -ip 3904
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4464 -ip 4464
1⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 3820 -ip 3820
1⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 4416 -ip 4416
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 3692 -ip 3692
1⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 1556 -ip 1556
1⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 2500 -ip 2500
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 4064 -ip 4064
1⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3696 -ip 3696
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4400 -ip 4400
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3276 -ip 3276
1⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1680 -ip 1680
1⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5028 -ip 5028
1⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1452 -ip 1452
1⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 1228 -ip 1228
1⤵
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 2320 -ip 2320
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 1636 -ip 1636
1⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2836 -ip 2836
1⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 404 -ip 404
1⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2828 -ip 2828
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3832 -ip 3832
1⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5032 -ip 5032
1⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2736 -ip 2736
1⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4960 -ip 4960
1⤵
PID:728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 1900 -ip 1900
1⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4964 -ip 4964
1⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4520 -ip 4520
1⤵
PID:2500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 2316 -ip 2316
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1468 -ip 1468
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 3044 -ip 3044
1⤵
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 836 -ip 836
1⤵
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 2552 -ip 2552
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1536 -ip 1536
1⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 3820 -ip 3820
1⤵
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2708 -ip 2708
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2268 -ip 2268
1⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 740 -ip 740
1⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 3904 -ip 3904
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 4064 -ip 4064
1⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4416 -ip 4416
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 4464 -ip 4464
1⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 3692 -ip 3692
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 1556 -ip 1556
1⤵
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4696 -ip 4696
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4996 -ip 4996
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1680 -ip 1680
1⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1452 -ip 1452
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2952 -ip 2952
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 920 -ip 920
1⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5028 -ip 5028
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4320 -ip 4320
1⤵
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2320 -ip 2320
1⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1636 -ip 1636
1⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5464 -ip 5464
1⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 404 -ip 404
1⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5396 -ip 5396
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5560 -ip 5560
1⤵
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5344 -ip 5344
1⤵
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 2828 -ip 2828
1⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1848 -ip 1848
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 1032 -ip 1032
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3832 -ip 3832
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5196 -ip 5196
1⤵
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1276 -ip 1276
1⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 5576 -ip 5576
1⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4496 -ip 4496
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 544 -ip 544
1⤵
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 2736 -ip 2736
1⤵
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 4960 -ip 4960
1⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1900 -ip 1900
1⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 3044 -ip 3044
1⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5860 -ip 5860
1⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5920 -ip 5920
1⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 1748 -ip 1748
1⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 2552 -ip 2552
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1116 -p 836 -ip 836
1⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 5956 -ip 5956
1⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5868 -ip 5868
1⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 2468 -ip 2468
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2256 -ip 2256
1⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6044 -ip 6044
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 3596 -ip 3596
1⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 5896 -ip 5896
1⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5876 -ip 5876
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 740 -ip 740
1⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 1932 -ip 1932
1⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5836 -ip 5836
1⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 1608 -ip 1608
1⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2824 -ip 2824
1⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4696 -ip 4696
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 4248 -ip 4248
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4996 -ip 4996
1⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5824 -ip 5824
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1156 -p 4492 -ip 4492
1⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 5240 -ip 5240
1⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3664 -ip 3664
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1184 -p 1492 -ip 1492
1⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 5624 -ip 5624
1⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5124 -ip 5124
1⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 6028 -ip 6028
1⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 5928 -ip 5928
1⤵
PID:1212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 4552 -ip 4552
1⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 936 -ip 936
1⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 5528 -ip 5528
1⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5308 -ip 5308
1⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 2952 -ip 2952
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 5584 -ip 5584
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3720 -ip 3720
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3012 -ip 3012
1⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 5852 -ip 5852
1⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 984 -ip 984
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 920 -ip 920
1⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 5288 -ip 5288
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4320 -ip 4320
1⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 5508 -ip 5508
1⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3204 -ip 3204
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5460 -ip 5460
1⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 5428 -ip 5428
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 5416 -ip 5416
1⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1248 -ip 1248
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5464 -ip 5464
1⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 6056 -ip 6056
1⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5568 -ip 5568
1⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4612 -ip 4612
1⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 5420 -ip 5420
1⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 5820 -ip 5820
1⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 3652 -ip 3652
1⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4372 -ip 4372
1⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4404 -ip 4404
1⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1224 -p 5300 -ip 5300
1⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 5396 -ip 5396
1⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5720 -ip 5720
1⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 5560 -ip 5560
1⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 5780 -ip 5780
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 5244 -ip 5244
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1340 -p 5344 -ip 5344
1⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 3528 -ip 3528
1⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1848 -ip 1848
1⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 1032 -ip 1032
1⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5548 -ip 5548
1⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1352 -p 1276 -ip 1276
1⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 5188 -ip 5188
1⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1276 -p 5204 -ip 5204
1⤵
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 5440 -ip 5440
1⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 5196 -ip 5196
1⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1288 -p 4496 -ip 4496
1⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1436 -p 4340 -ip 4340
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 5576 -ip 5576
1⤵
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1240 -p 544 -ip 544
1⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5860 -ip 5860
1⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 5920 -ip 5920
1⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1496 -p 1748 -ip 1748
1⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5472 -ip 5472
1⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1236 -p 5956 -ip 5956
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1284 -p 5868 -ip 5868
1⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 6392 -ip 6392
1⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 2468 -ip 2468
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1452 -p 2740 -ip 2740
1⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1500 -p 5944 -ip 5944
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 6620 -ip 6620
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1316 -p 3188 -ip 3188
1⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 3132 -ip 3132
1⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5832 -ip 5832
1⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 6384 -ip 6384
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6480 -ip 6480
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6660 -ip 6660
1⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1500 -p 2256 -ip 2256
1⤵
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 3596 -ip 3596
1⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1488 -p 6044 -ip 6044
1⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5876 -ip 5876
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 6640 -ip 6640
1⤵
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1304 -p 6604 -ip 6604
1⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1188 -p 5896 -ip 5896
1⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 1932 -ip 1932
1⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5740 -ip 5740
1⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1536 -p 5836 -ip 5836
1⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6188 -ip 6188
1⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4772 -ip 4772
1⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 6204 -ip 6204
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 3452 -ip 3452
1⤵
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2500 -ip 2500
1⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1520 -p 6652 -ip 6652
1⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6268 -ip 6268
1⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6228 -ip 6228
1⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 2824 -ip 2824
1⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 6152 -ip 6152
1⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 4248 -ip 4248
1⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1308 -p 6160 -ip 6160
1⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1576 -p 5824 -ip 5824
1⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1604 -p 4492 -ip 4492
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5240 -ip 5240
1⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1612 -p 5192 -ip 5192
1⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 6524 -ip 6524
1⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6196 -ip 6196
1⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1632 -p 4596 -ip 4596
1⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1460 -p 1492 -ip 1492
1⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1644 -p 3664 -ip 3664
1⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1572 -p 1624 -ip 1624
1⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1592 -p 6028 -ip 6028
1⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 5624 -ip 5624
1⤵
PID:848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6212 -ip 6212
1⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1360 -p 6220 -ip 6220
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 5928 -ip 5928
1⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1332 -p 1980 -ip 1980
1⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1336 -p 6788 -ip 6788
1⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1496 -p 6876 -ip 6876
1⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1616 -p 5528 -ip 5528
1⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1636 -p 5124 -ip 5124
1⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 936 -ip 936
1⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1528 -p 4552 -ip 4552
1⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4100 -ip 4100
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1332 -p 4976 -ip 4976
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1548 -p 6816 -ip 6816
1⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1632 -p 6832 -ip 6832
1⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 1084 -ip 1084
1⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6632 -ip 6632
1⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1488 -p 856 -ip 856
1⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1580 -p 6404 -ip 6404
1⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1328 -p 6440 -ip 6440
1⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1540 -p 6696 -ip 6696
1⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1624 -p 6628 -ip 6628
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1444 -p 1108 -ip 1108
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7028 -ip 7028
1⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3956 -ip 3956
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6776 -ip 6776
1⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1644 -p 6360 -ip 6360
1⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1332 -p 4528 -ip 4528
1⤵
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7140 -ip 7140
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1132 -p 1016 -ip 1016
1⤵
PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 5412 -ip 5412
1⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 3112 -ip 3112
1⤵
PID:1144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 6980 -ip 6980
1⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 7200 -ip 7200
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 3040 -ip 3040
1⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 1264 -ip 1264
1⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6472 -ip 6472
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1488 -p 2756 -ip 2756
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 6576 -ip 6576
1⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6808 -ip 6808
1⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 6284 -ip 6284
1⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 1972 -ip 1972
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1340 -p 6356 -ip 6356
1⤵
PID:728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 4244 -ip 4244
1⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6060 -ip 6060
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6952 -ip 6952
1⤵
PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5224 -ip 5224
1⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4416 -ip 4416
1⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 3604 -ip 3604
1⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1592 -p 7680 -ip 7680
1⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4404 -ip 4404
1⤵
PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1324 -p 6860 -ip 6860
1⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6056 -ip 6056
1⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 7184 -ip 7184
1⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5420 -ip 5420
1⤵
PID:428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 5204 -ip 5204
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 5832 -ip 5832
1⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7536 -ip 7536
1⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5016 -ip 5016
1⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 7524 -ip 7524
1⤵
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 1636 -ip 1636
1⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1564 -p 3148 -ip 3148
1⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 2828 -ip 2828
1⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 2936 -ip 2936
1⤵
PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1672 -p 7736 -ip 7736
1⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 7780 -ip 7780
1⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6688 -ip 6688
1⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1700 -p 7616 -ip 7616
1⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1728 -p 7600 -ip 7600
1⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1756 -p 6964 -ip 6964
1⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 7672 -ip 7672
1⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3600 -ip 3600
1⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1812 -p 5284 -ip 5284
1⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4968 -ip 4968
1⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3304 -ip 3304
1⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1692 -p 7752 -ip 7752
1⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 7788 -ip 7788
1⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1816 -p 6476 -ip 6476
1⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1716 -p 6040 -ip 6040
1⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1728 -p 2340 -ip 2340
1⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 2744 -ip 2744
1⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1824 -p 6660 -ip 6660
1⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5472 -ip 5472
1⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1704 -p 1408 -ip 1408
1⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 6844 -ip 6844
1⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4088 -ip 4088
1⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5484 -ip 5484
1⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6380 -ip 6380
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1872 -p 6188 -ip 6188
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1728 -p 3652 -ip 3652
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1716 -p 6592 -ip 6592
1⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1916 -p 6108 -ip 6108
1⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1944 -p 6596 -ip 6596
1⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6616 -ip 6616
1⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1940 -p 4712 -ip 4712
1⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 5316 -ip 5316
1⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1808 -p 3500 -ip 3500
1⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6332 -ip 6332
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 2004 -p 680 -ip 680
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1712 -p 7468 -ip 7468
1⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5676 -ip 5676
1⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 1180 -ip 1180
1⤵
PID:11304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe

Filesize
468KB

MD5
24128c9e6aaca9d20b6c2247e20d22d9

SHA1
d3a4c306b447b23ac9834a29acc1e2519b562792

SHA256
889ca1e90854765681715cc03f8dfb27dc1110fa59624c0c8d3c5450650c1d3b

SHA512
547008a58e53eedf666c35f1feddb45430d397ce0839baf5a3f0b171ea8fa269001ac6b1224e6d1d7f32c8ea4c268eabd13e761b0842caaa87e03b1d3b2c1911

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe

Filesize
468KB

MD5
26d15272cb24aa9516940867696c3d91

SHA1
26d1f30780d6f59e619465fc0472b4f0f24aa7e1

SHA256
b0529775baf484f4bc36662f08aae9690d22a38a4840b229ae4f7a624a906c33

SHA512
ac8a743687dd12b5e66fe85707ccf7c40539dc426ba8e21fe29a56fabb1b87e4b8fb60b32bda9c39cffce93b94ed7a037cda7c779ba1d7cecf568c8b46b18fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe

Filesize
468KB

MD5
19558b6909f7e3945095ecef51502e32

SHA1
53b8c98434a4d08965e7a87913a81b8a5c0bfb22

SHA256
560ec315e134e0f011eabc5435d056554ac75818cc288489ab49459a706f2d76

SHA512
9d36538aa50309a6557ecc8ea1cfcb95f3c0ed3f3929c9bc831911bb09bbf8a9711f2d9dd1940bc6405692f771dc4bf31d2937532afb6f87be039150cee2f23e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe

Filesize
468KB

MD5
2a16ecee0d40e6671ea253132df26c2f

SHA1
1dd5415534bf33d71f11d8ba5fae66716ed3b748

SHA256
a310dbc3f4f98d03a2493b979fc2edf5324fa83f5c6cad48a200ced2951161d5

SHA512
a5d7278719d5869f877113cdff8e443524b09838c935b11f7a23a6626305b97d93fc359d548247d27033d1a7afd36a4a6fc4fcde2133d41bf6fa93c669ab2552

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe

Filesize
468KB

MD5
e35d75061f237d5a911a428c9b58385a

SHA1
cb84bb7f809bac2bd7dc98e58e2530409517d772

SHA256
ba6944b672d99360524c1db453fb95613fafde9007a90283073c8cb59606f13a

SHA512
eb871cc3a2fea9a5bed81bb2c566e778dc8c4b8c540c63d90eac1ee891e37a151f941174db7f9138f32e8bf74730f04db22bb19ee5b64f9ecd395e775ef0d74a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe

Filesize
468KB

MD5
1b8de583737f9a473fd67f08dc964eec

SHA1
5ae6e78aa61d8991ad87c64c663eeec44a2fc80e

SHA256
0f40925e1ae19914b3df888494a72845dae9df2d5f3af6ca0f0e32b073f08fbb

SHA512
daf2a20d6595270f041bb41b8798359c94364b873e5310008fe2a66341dbfe492edbe52adf0aaa71d056ba1abdf86fdd61f03367d7770c29b87bcaad65a7f35d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe

Filesize
468KB

MD5
ac3b3b6d20de30c2a27a1ad01d5b73af

SHA1
53983913ea1cb6f954d11fca32d2a415ad6daa8c

SHA256
9adeb292af5127a9759328ccf0c9c14f3cafee0113798d2073da93de7087e315

SHA512
5290178a4c4a84688e8bbc53a370e66e98a0ad8f2b5179b2caeccf8c9471e47ed70a8dbf8c6220235c6403f0de8184db739ed3030873be2682b2161f6899e8b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe

Filesize
468KB

MD5
aa09e8b0795574d35f9f51c392c57e33

SHA1
3fb7bc7641cb7a0b5dfef91ced6b8a99ec4e875c

SHA256
b74348a1babff7fcf1170f83b2ed3d8b27071bd20b0fefac65eb1481ed3ac2ef

SHA512
9cf7bcf31153dbe66e520c1094f8b46419565b06d63cd27f2bb84a15e069bd670054f877bb815a3c32d663326b0d94fb52174c1ae71aecc6e884b17c7215fecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe

Filesize
468KB

MD5
c8a3299db48bb92f8ce8d8246be19600

SHA1
835ea4057995318dceeacd4f449b46d8a94d18cb

SHA256
5f9f5c5890524ab6cd1d698f74e3b58eea1f624b080217b5d0cd24384306e3b7

SHA512
ecaef7c9feb09601aaf631815b365e9427dbf9672858f111cab5970a06c93ccc9c4c7a90526db5a84f4d146d8f61f19d0738e4fe24a6890c2a7d218ad4aed3ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe

Filesize
468KB

MD5
125438505095210706082d707b29e291

SHA1
1c26483f2c8d08548f9d862c476549788fa91d9a

SHA256
4ad240435a2ebb2ee9c4fe7bccb4ae7aa6db2142cae904633231571fe7f52cdd

SHA512
d9a544e876e00bac330c44bb7e100f22ddce6642324dfc7d40f1fc4d897bf899d360232821ece07286080bf22e1b5089a777388f2f403911b7583298752cdf4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe

Filesize
468KB

MD5
cef81eafa640cdc1da28bb887d5a0b28

SHA1
41cc1bd4b33cb89abb03a5c6f55c9a15d4b8b401

SHA256
45f1d87bbf426b001dcc306da5cbad08ee048b9fe07ebb58099f957737774692

SHA512
9f4b0cf48d167d816034c6b797747afa756e4af40717d22950e91afbe16b61f04ac06795bb77e0676696c5f860fa217dcdf6ede3a25e8cab265a01521c3ac22c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe

Filesize
468KB

MD5
1146dbedd8716871bc216d7c3e9e22a9

SHA1
2b69df9d62430f58e4c77b34f8b1405ca5926465

SHA256
36cfe3fdbed63977e2ace1dc42183addb9d356a8d4b8e91157ad711387750b3e

SHA512
5fd34c87d883404d47fb8d1e3e0a3bd4aa6f6f13f3adadd6d148305c5cad5c65ed23413c396a4cc1b49338d12df0b4dddb17397b9a2790045608f160fcc57388

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe

Filesize
468KB

MD5
1be431905309cc13ed5ab24852b1cc97

SHA1
448c3cf3b16a619d9888e7c2c7399947895305b3

SHA256
6885a47b3146fb8f6e144226381b5e0dde796b411b05e1a52cf7df3608eab216

SHA512
655936b9d6cd6cf318a69bc44edfe8925e119d6017df4f693a2069dd49633b7cb2b06dcd106ff791ab84385c51d4aeb30164540b543478fae09a490b7427803c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe

Filesize
468KB

MD5
0ea7cd7147455d717b7c3467cf78b537

SHA1
7f266fb06d7e8c148be3d8969a47a47896ec8308

SHA256
0bce70dec38b93d13f8f79a4af5cd0a60333108f073c3ccd4468cb81604f969b

SHA512
9d53a65f548ee5321c76acb9c923a9c63704cef95a69fb05f39df57738ebcd190c60521170b91e9676df6df8a816909e3965f219342505f3b0d082ca60e609a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe

Filesize
468KB

MD5
90a0bfc4a90987d22e196778c74c1b89

SHA1
ddbbdc656b6ea64bb65a93ed34ab3b8b4fc569da

SHA256
a6ca17596f0aeb94daa308cd52d1ee727da899228da888273db799dd254fedff

SHA512
901f5b23ce7fc22ea7cf748288d6d37f8fd885981cdee1fd57fe93555b46d630bbad2a23e6823d3cbaf7db48a3b08aafa1ec2d80dd0a2b23c25eb82c5a1e6a62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe

Filesize
468KB

MD5
79a26f97e42527a91cef9b3383d6ce8d

SHA1
b4f4710a20985033d5ab2f8ea94747e0b6734ec7

SHA256
8e885280328a4a551e2bf95f049e6df4db307ad35d30eb82568548061ae3e8aa

SHA512
40d7959084f612ad3ddcac87c0e592e9defed7eae1858e558beabcbd724d14ca4a34d911a3ee1869b678601704c27eeb23c00af5135eb1d35b51091002b4420a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe

Filesize
468KB

MD5
9d907df3df15a4f61207124c6a39b724

SHA1
4dde531ffdf687ece17b37dfcd1cad19823c7fc8

SHA256
6dbc804992eebf7888ddce1540336dd28766d508523345ac9d8e5c4f4a72b00d

SHA512
55003be3af092adfcf2ef188ae0cbf2355cce412c8b90fd83fddd7cfba048cca6e4a97a486b15e1fbd0e573c3a7a07598a45638f8292df448b231ddba6ebef15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe

Filesize
468KB

MD5
ca13d58d516995cd3bf6ca0e2c4c9771

SHA1
f67f2e43e1c31fef959ce6743ae389f0c9f1b35b

SHA256
db08fc51d3ebad11c5ffbe6074b57294a9d7d9e3eea225a96f30f91e0fdd8b38

SHA512
83a54578410273235dcae9bb1586812dc386776d2654069ce0595c599829af2a7b94fb0b88485efa35126d5de22744deb8dcb9d61797f5cdeef7c020b8d4d8e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe

Filesize
468KB

MD5
147cb1a12517da46b139ed49ab8eb138

SHA1
06796e26037ee6fd9c5c001954b8ab7d7dc4fd62

SHA256
8c525df0631414b70c682605b81aa814a3783e1eb4455c4ef42d9cd99710abd8

SHA512
95d8ad388112fd3ae281db3ef90614e88aae9e6aaef9ef504716fd229cad239b7d94695aa77d5adeb56f04fc2ba0bfbb2da05607e7478e65cf66ef558607fe40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe

Filesize
468KB

MD5
f59abf4cc6211d64a3371543bf49f343

SHA1
7c52764ed78824fb4c3a9748941dd57a216ff2a3

SHA256
bd8c2633df1fa8e4ccf8fd189d5b1ea45fe05b1421e7a60109281cef20482ea1

SHA512
37f244d10fe06bf3e5d7ad3fc061a31f9799ed01feaa713442b620c53e0882cb2d227d1446f629ab98d28d17b5b4abd68fa86c939f9fa0c196a93a58bffea92a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51193.exe

Filesize
468KB

MD5
ef7dceaae964b5f2ed3983edc52248c1

SHA1
f5d5ead6a2f040faf26e0cd7223e81b324a410e3

SHA256
84c12c5284653ea292259059209fcd3c34ba8ecaa242e71d11c5f0c431f02522

SHA512
e9953df62aec8143093e68f116c48240ad0127cc5387861d1685117d6848620e7a966081e5796f6912f49215b7b0788d435a1c1771adb4e548f27ca2f1e8c197

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe

Filesize
468KB

MD5
fe5c066b89cc70ea9ef46a46969d62b7

SHA1
d4041dd00e78c76dc80c553488933a3fec868689

SHA256
ed337b5af2dcac8989f3f8cbfbbbc511e13eaf4adc1d3635c2e20a7d81052d68

SHA512
5b05034cd311fea437c4d8129cd0f15999ea76cc840495ad20219d01b572c0bfa5c8e16fdc8dee6e0f8b9fea19bb9d3171e64abc4f9404acad7da479a2914dcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe

Filesize
468KB

MD5
566a7cc87fe8cdf4298561af5c877e5b

SHA1
584994a91f78869f105ebed77e4dc495491fd346

SHA256
743bce3987e144db623c7b61434e7bb254d1743168119cb5f31a7ddc97f9a82d

SHA512
90aff738cc7c45d8063de577ddc7b8611039c9c340ddb1975503c843763537b39b16c6c5229e154e32aa326eada601070080ed1eafa4493432e54324124d3dde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe

Filesize
468KB

MD5
eec6165d09344eaf3b6178e780b1d9ea

SHA1
8929f9638087cfffc60754c54801cc2158a9df96

SHA256
b0b4aa71c6027cfee09a933fd1df036a7a944f5a1774a3e3fb96559a2367041e

SHA512
e6d2528f9cc2d0ac3c17a4e987e6165e6ec50eb235d2db74e6f1068a2a6b0bc5c5b6368e86d60908dad9c582db3ea2b0575afc583dde317895a87069ffa6005f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe

Filesize
468KB

MD5
3d28643425e63e6c891927677df1adaa

SHA1
51f68530c11420378857bd69df482776825ff232

SHA256
ccbc76b8f302af632d7e6db4a3d3ba5f00605fdb7a1b7b6d02398ea2c6563c01

SHA512
27fad7d60ad8f4d08c0470927f7c95d46ce2a1d7771c9f8d2306c605f05e00ed05d4deeb5e275441da7afbc6d55fe1891f93405182533a278bfe512530c57635

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe

Filesize
468KB

MD5
02dd9724931f1c05f081de3364007cbb

SHA1
90c4986a6bd49641fa0f7a7f85b3a88d31257e7d

SHA256
9106717decbeb3013bdce9cefbec7ea4b3215d5678451c92e5964ff23f8fb6e6

SHA512
adfd0d387d782c0f7525eae7122077c184c9bc6ce03574914287cf7e7d659dc9004036d0ed1ffe77c556473eddb2b1ca50f643366dbbbaf52e7126870fcfb4a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe

Filesize
468KB

MD5
1f8c4d6237b8215ce2b0d5c3ee2188ac

SHA1
211ef0521ad665a973d10aef8d548a880a35085d

SHA256
ed17989e4a7ef3f3700c4794a8ccda365eed6acac9cadda157d68c1009fe62f1

SHA512
3718ed4e65ddc0dad8da6fbd294a719b1528738e89e1506a331714cce5f1921261b20558fb67ddd1d5fff9bfee7e7df347e2070a2c46f834a6df143c62183964

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe

Filesize
468KB

MD5
f1d9c14a71370b4e598c4d9ffebdb581

SHA1
28aa639ba882f8753b7d31a79668ba6c5ac4c5f2

SHA256
b3a5f4c5dc11e4aecf282fd56fbbea9724db214e7a7b2ef9c4e903ea0d020d1d

SHA512
a52e71a98d48c9bfe61fb5a675e32bca9e547267343811e1002553de70d28ab952ee6578e6cab03b63b59890d78eb5319e6278c7cb0c30839fb9fe4f2ea2f71f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe

Filesize
468KB

MD5
331c68dbfb3df37e19c9001271415fc7

SHA1
737bec5ae4cc2d23b2619ba2ac3ea8da383434f7

SHA256
bd3e8804051a39a56c4e69e59fee9290361c97da519687721a53731f56384632

SHA512
5f6ff1accfcb050e8b514847a8ba03fbe14cfb68eae24ca01d3ee6f9fc7774d4a937528352c24361fea0cb48a153284216f61c5ac5932fa0901476c774623f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe

Filesize
468KB

MD5
9ac859d5b65aa4e190898b8764369f6b

SHA1
349fc1af4ad78d67e641ef2274215aab4f658fb2

SHA256
247bcfe9e4d680b3c6907c2e563b7c2185606471c326bf4b439393088e728d9b

SHA512
b7efc428ebbcdc2dc0c14cd55a2fc92f7551f688ec376cd10f87b2f51eee5af6a235317045a77ea964162e8d76de3849cbfa74fcffc8a7d07086ea5d5b6bb4c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe

Filesize
468KB

MD5
771d26429e282fc9681cc9de7c25ead2

SHA1
10f4ce4f4ec978bfa57c5596447e514af61d38a0

SHA256
f7fdb49f438cf6302ccabc148016b6538756db0380f9c7d83401d3cc291283e3

SHA512
ccb3c9a2088af62e83426f674071ef3dfbecebdfb5e73d7a63ca42278748e6cd62361291a40d044420e0b9644776cc5ad5e3638ce2a3d50cd08d614d2f8502b5

Download Submit
memory/404-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/680-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/848-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/856-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/920-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/936-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/936-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/936-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/984-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1104-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1228-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1452-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1468-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1512-149-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1536-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1556-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1636-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1680-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1684-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1684-136-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1748-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1932-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2256-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2320-288-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2360-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2368-155-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2404-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2468-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-135-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-31-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2640-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2732-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2828-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2960-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2960-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2988-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2988-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3188-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3204-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3276-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3292-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3292-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3348-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3452-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3460-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3460-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3636-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3664-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3692-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3696-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3820-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3832-430-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3904-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3932-137-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3932-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4032-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4032-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4064-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4100-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4192-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4192-67-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4248-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-52-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4284-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4320-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4400-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4404-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4416-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4464-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4496-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4508-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4508-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4520-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4548-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4548-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4708-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-113-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4900-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4940-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4940-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4964-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5028-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5032-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download