fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509

Analysis

max time kernel
120s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe
Size

468KB
MD5

203df534548365e7f92d56f5f26e1c10
SHA1

befb467506d52467dffe018dd5cb6999d70bad54
SHA256

fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509
SHA512

d7a2cb185209542a1dc69ac29c5457c39eeea7e4581a0ba1c5133834a53a1a807b5dda6cd0ddc53f456f61ac3be1c930930ae908db4fbd8cefc378a3acac8cb8
SSDEEP

3072:3FfnogKxjtTU2bY+Bz3yqf8/ECUjyIplPmfC5VuICJC+r3EjtTl/:3Ffot1U2dBDyqf00/jCJFjEjt

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3652	Unicorn-43074.exe
4500	Unicorn-21476.exe
2892	Unicorn-13862.exe
1172	Unicorn-16598.exe
944	Unicorn-2207.exe
1360	Unicorn-43795.exe
4152	Unicorn-64812.exe
1232	Unicorn-31132.exe
4528	Unicorn-1797.exe
2536	Unicorn-14049.exe
5040	Unicorn-20826.exe
3248	Unicorn-52114.exe
2632	Unicorn-5606.exe
3976	Unicorn-27610.exe
3908	Unicorn-58699.exe
1548	Unicorn-13027.exe
2748	Unicorn-29364.exe
2108	Unicorn-21942.exe
3464	Unicorn-41808.exe
4156	Unicorn-47236.exe
4816	Unicorn-27370.exe
4720	Unicorn-59488.exe
4616	Unicorn-20956.exe
1012	Unicorn-40822.exe
4596	Unicorn-16318.exe
4428	Unicorn-63380.exe
1964	Unicorn-25616.exe
8	Unicorn-31092.exe
1700	Unicorn-43536.exe
4748	Unicorn-62565.exe
3508	Unicorn-48175.exe
1788	Unicorn-55788.exe
388	Unicorn-44112.exe
1584	Unicorn-54973.exe
4776	Unicorn-48196.exe
2200	Unicorn-48196.exe
4580	Unicorn-48751.exe
1180	Unicorn-5601.exe
4472	Unicorn-5601.exe
3060	Unicorn-59633.exe
1356	Unicorn-11631.exe
1184	Unicorn-53219.exe
2288	Unicorn-52664.exe
4724	Unicorn-34190.exe
116	Unicorn-57324.exe
3284	Unicorn-18984.exe
1384	Unicorn-38850.exe
1456	Unicorn-38850.exe
4980	Unicorn-12015.exe
1852	Unicorn-53603.exe
1756	Unicorn-30874.exe
2744	Unicorn-45819.exe
2944	Unicorn-60038.exe
2000	Unicorn-49924.exe
3472	Unicorn-7500.exe
3636	Unicorn-8699.exe
4456	Unicorn-63930.exe
5116	Unicorn-27174.exe
264	Unicorn-1086.exe
1952	Unicorn-62560.exe
3104	Unicorn-17444.exe
1064	Unicorn-40556.exe
4468	Unicorn-60422.exe
2248	Unicorn-34526.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3528	2344	WerFault.exe	81
4624	3652	WerFault.exe	82
4736	2892	WerFault.exe	84
1608	4500	WerFault.exe	83
3624	1172	WerFault.exe	88
2808	1360	WerFault.exe	90
4456	944	WerFault.exe	89
1660	4596	WerFault.exe	126
4060	2748	WerFault.exe	111
3244	4152	WerFault.exe	93
2524	1232	WerFault.exe	94
4780	4528	WerFault.exe	95
4028	2536	WerFault.exe	96
1844	5040	WerFault.exe	97
5056	1788	WerFault.exe	134
2684	3248	WerFault.exe	106
4060	2632	WerFault.exe	107
4872	3976	WerFault.exe	108
5032	3908	WerFault.exe	109
2948	1548	WerFault.exe	110
2232	2108	WerFault.exe	112
5028	3464	WerFault.exe	113
2876	4156	WerFault.exe	121
1968	4720	WerFault.exe	123
3076	4748	WerFault.exe	131
4612	1012	WerFault.exe	125
2760	4616	WerFault.exe	124
2232	3508	WerFault.exe	133
4320	4816	WerFault.exe	122
4036	388	WerFault.exe	149
4400	4428	WerFault.exe	127
4872	1700	WerFault.exe	130
4236	8	WerFault.exe	129
1748	1356	WerFault.exe	158
4860	1964	WerFault.exe	128
3160	1456	WerFault.exe	165
3112	1384	WerFault.exe	164
4872	1180	WerFault.exe	155
1656	3284	WerFault.exe	163
5372	1756	WerFault.exe	177
5484	2944	WerFault.exe	182
5496	1584	WerFault.exe	151
5512	116	WerFault.exe	162
5600	2000	WerFault.exe	186
5888	1184	WerFault.exe	159
6000	4456	WerFault.exe	191
6128	1952	WerFault.exe	197
5160	5116	WerFault.exe	192
5264	3320	WerFault.exe	201
5428	3636	WerFault.exe	189
5568	4580	WerFault.exe	154
5696	2696	WerFault.exe	198
5820	4644	WerFault.exe	200
6036	3472	WerFault.exe	188
5892	3060	WerFault.exe	157
6004	2200	WerFault.exe	153
2044	3988	WerFault.exe	199
5344	2288	WerFault.exe	160
5432	2748	WerFault.exe	207
5648	2684	WerFault.exe	205
5544	5048	WerFault.exe	203
5644	3216	WerFault.exe	208
5604	2764	WerFault.exe	218
1964	828	WerFault.exe	238

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54356.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2344	fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe
3652	Unicorn-43074.exe
2892	Unicorn-13862.exe
4500	Unicorn-21476.exe
1172	Unicorn-16598.exe
1360	Unicorn-43795.exe
944	Unicorn-2207.exe
4152	Unicorn-64812.exe
1232	Unicorn-31132.exe
4528	Unicorn-1797.exe
2536	Unicorn-14049.exe
5040	Unicorn-20826.exe
3248	Unicorn-52114.exe
2632	Unicorn-5606.exe
3976	Unicorn-27610.exe
3908	Unicorn-58699.exe
1548	Unicorn-13027.exe
2108	Unicorn-21942.exe
3464	Unicorn-41808.exe
2748	Unicorn-29364.exe
4156	Unicorn-47236.exe
4816	Unicorn-27370.exe
4720	Unicorn-59488.exe
4616	Unicorn-20956.exe
1012	Unicorn-40822.exe
4596	Unicorn-16318.exe
4428	Unicorn-63380.exe
4748	Unicorn-62565.exe
1964	Unicorn-25616.exe
1700	Unicorn-43536.exe
8	Unicorn-31092.exe
3508	Unicorn-48175.exe
1788	Unicorn-55788.exe
388	Unicorn-44112.exe
1584	Unicorn-54973.exe
4776	Unicorn-48196.exe
1180	Unicorn-5601.exe
2200	Unicorn-48196.exe
4580	Unicorn-48751.exe
1356	Unicorn-11631.exe
4472	Unicorn-5601.exe
3060	Unicorn-59633.exe
1184	Unicorn-53219.exe
2288	Unicorn-52664.exe
116	Unicorn-57324.exe
1384	Unicorn-38850.exe
3284	Unicorn-18984.exe
1456	Unicorn-38850.exe
4724	Unicorn-34190.exe
4980	Unicorn-12015.exe
1852	Unicorn-53603.exe
1756	Unicorn-30874.exe
2744	Unicorn-45819.exe
2944	Unicorn-60038.exe
2000	Unicorn-49924.exe
3472	Unicorn-7500.exe
4456	Unicorn-63930.exe
3636	Unicorn-8699.exe
5116	Unicorn-27174.exe
1952	Unicorn-62560.exe
3104	Unicorn-17444.exe
3320	Unicorn-62923.exe
4708	Unicorn-37672.exe
1064	Unicorn-40556.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 3652	2344	fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe	82
PID 2344 wrote to memory of 3652	2344	fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe	82
PID 2344 wrote to memory of 3652	2344	fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe	82
PID 3652 wrote to memory of 4500	3652	Unicorn-43074.exe	83
PID 3652 wrote to memory of 4500	3652	Unicorn-43074.exe	83
PID 3652 wrote to memory of 4500	3652	Unicorn-43074.exe	83
PID 2344 wrote to memory of 2892	2344	fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe	84
PID 2344 wrote to memory of 2892	2344	fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe	84
PID 2344 wrote to memory of 2892	2344	fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe	84
PID 2892 wrote to memory of 1172	2892	Unicorn-13862.exe	88
PID 2892 wrote to memory of 1172	2892	Unicorn-13862.exe	88
PID 2892 wrote to memory of 1172	2892	Unicorn-13862.exe	88
PID 4500 wrote to memory of 944	4500	Unicorn-21476.exe	89
PID 4500 wrote to memory of 944	4500	Unicorn-21476.exe	89
PID 4500 wrote to memory of 944	4500	Unicorn-21476.exe	89
PID 3652 wrote to memory of 1360	3652	Unicorn-43074.exe	90
PID 3652 wrote to memory of 1360	3652	Unicorn-43074.exe	90
PID 3652 wrote to memory of 1360	3652	Unicorn-43074.exe	90
PID 1172 wrote to memory of 4152	1172	Unicorn-16598.exe	93
PID 1172 wrote to memory of 4152	1172	Unicorn-16598.exe	93
PID 1172 wrote to memory of 4152	1172	Unicorn-16598.exe	93
PID 2892 wrote to memory of 1232	2892	Unicorn-13862.exe	94
PID 2892 wrote to memory of 1232	2892	Unicorn-13862.exe	94
PID 2892 wrote to memory of 1232	2892	Unicorn-13862.exe	94
PID 1360 wrote to memory of 4528	1360	Unicorn-43795.exe	95
PID 1360 wrote to memory of 4528	1360	Unicorn-43795.exe	95
PID 1360 wrote to memory of 4528	1360	Unicorn-43795.exe	95
PID 944 wrote to memory of 2536	944	Unicorn-2207.exe	96
PID 944 wrote to memory of 2536	944	Unicorn-2207.exe	96
PID 944 wrote to memory of 2536	944	Unicorn-2207.exe	96
PID 4500 wrote to memory of 5040	4500	Unicorn-21476.exe	97
PID 4500 wrote to memory of 5040	4500	Unicorn-21476.exe	97
PID 4500 wrote to memory of 5040	4500	Unicorn-21476.exe	97
PID 4152 wrote to memory of 3248	4152	Unicorn-64812.exe	106
PID 4152 wrote to memory of 3248	4152	Unicorn-64812.exe	106
PID 4152 wrote to memory of 3248	4152	Unicorn-64812.exe	106
PID 1172 wrote to memory of 2632	1172	Unicorn-16598.exe	107
PID 1172 wrote to memory of 2632	1172	Unicorn-16598.exe	107
PID 1172 wrote to memory of 2632	1172	Unicorn-16598.exe	107
PID 1232 wrote to memory of 3976	1232	Unicorn-31132.exe	108
PID 1232 wrote to memory of 3976	1232	Unicorn-31132.exe	108
PID 1232 wrote to memory of 3976	1232	Unicorn-31132.exe	108
PID 1360 wrote to memory of 3908	1360	Unicorn-43795.exe	109
PID 1360 wrote to memory of 3908	1360	Unicorn-43795.exe	109
PID 1360 wrote to memory of 3908	1360	Unicorn-43795.exe	109
PID 4528 wrote to memory of 1548	4528	Unicorn-1797.exe	110
PID 4528 wrote to memory of 1548	4528	Unicorn-1797.exe	110
PID 4528 wrote to memory of 1548	4528	Unicorn-1797.exe	110
PID 2536 wrote to memory of 2748	2536	Unicorn-14049.exe	111
PID 2536 wrote to memory of 2748	2536	Unicorn-14049.exe	111
PID 2536 wrote to memory of 2748	2536	Unicorn-14049.exe	111
PID 944 wrote to memory of 2108	944	Unicorn-2207.exe	112
PID 944 wrote to memory of 2108	944	Unicorn-2207.exe	112
PID 944 wrote to memory of 2108	944	Unicorn-2207.exe	112
PID 5040 wrote to memory of 3464	5040	Unicorn-20826.exe	113
PID 5040 wrote to memory of 3464	5040	Unicorn-20826.exe	113
PID 5040 wrote to memory of 3464	5040	Unicorn-20826.exe	113
PID 3248 wrote to memory of 4156	3248	Unicorn-52114.exe	121
PID 3248 wrote to memory of 4156	3248	Unicorn-52114.exe	121
PID 3248 wrote to memory of 4156	3248	Unicorn-52114.exe	121
PID 4152 wrote to memory of 4816	4152	Unicorn-64812.exe	122
PID 4152 wrote to memory of 4816	4152	Unicorn-64812.exe	122
PID 4152 wrote to memory of 4816	4152	Unicorn-64812.exe	122
PID 2632 wrote to memory of 4720	2632	Unicorn-5606.exe	123

C:\Users\Admin\AppData\Local\Temp\fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe
"C:\Users\Admin\AppData\Local\Temp\fc830e63bb1c4c250f2421c5e81a25b766cde1a3a7400b334aa6cfab62cfe509N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50822.exe
        10⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
        11⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40594.exe
        12⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        13⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        14⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        15⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        16⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
        17⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
        18⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 724
        16⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 724
        15⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 724
        13⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        12⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        13⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        14⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        15⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        16⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 724
        15⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 636
        14⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 724
        13⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 692
        12⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 724
        10⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 696
        9⤵
        Program crash
        
        PID:3160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 724
        8⤵
        Program crash
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 724
        7⤵
        Program crash
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        10⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        12⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
        13⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        14⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
        15⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 724
        14⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 636
        13⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 724
        12⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        11⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        14⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
        15⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
        16⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 696
        13⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 724
        12⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 720
        11⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 724
        9⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 636
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        10⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        11⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
        12⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        13⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28350.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 724
        11⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 724
        10⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 724
        8⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 720
        7⤵
        Program crash
        
        PID:2232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 720
        6⤵
        Program crash
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        11⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        12⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
        13⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        14⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
        15⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 724
        12⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 724
        10⤵
        
        PID:876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 724
        9⤵
        Program crash
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        9⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        11⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        12⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        13⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        14⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
        15⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 724
        14⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 636
        11⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 608
        8⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8 -s 720
        7⤵
        Program crash
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        9⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62550.exe
        11⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        13⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        14⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        15⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 724
        14⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 636
        12⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 724
        11⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 724
        10⤵
        
        PID:860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 724
        8⤵
        Program crash
        
        PID:5644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 720
        6⤵
        Program crash
        
        PID:2232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 720
        5⤵
        Program crash
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37672.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        9⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        10⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        11⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        12⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        13⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 724
        14⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 724
        12⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 724
        11⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 724
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        11⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
        12⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        13⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4115.exe
        14⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        15⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
        16⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 724
        15⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 208 -s 696
        14⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 636
        13⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 724
        12⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 724
        11⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 724
        9⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 116 -s 720
        8⤵
        Program crash
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58798.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
        9⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        10⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        11⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe
        12⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
        13⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44162.exe
        14⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        15⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36134.exe
        16⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 724
        13⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 724
        12⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 724
        11⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 724
        9⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 724
        8⤵
        Program crash
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 720
        7⤵
        Program crash
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64890.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
        10⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        11⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        12⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
        13⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 696
        13⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 696
        12⤵
        
        PID:980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 724
        11⤵
        
        PID:896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 724
        10⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 724
        8⤵
        Program crash
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 724
        7⤵
        Program crash
        
        PID:1656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 720
        6⤵
        Program crash
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38518.exe
        10⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        11⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 720
        12⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 724
        11⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 696
        10⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 724
        8⤵
        Program crash
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        8⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
        11⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26230.exe
        12⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48770.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 724
        11⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 724
        10⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 724
        8⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 720
        7⤵
        Program crash
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62923.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        10⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        11⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        12⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 724
        13⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 724
        12⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50827.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        11⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        12⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        13⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49310.exe
        14⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 724
        13⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 724
        12⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 724
        11⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 720
        10⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 724
        9⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 724
        8⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 724
        7⤵
        Program crash
        
        PID:5264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 720
        6⤵
        Program crash
        
        PID:3076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 720
        5⤵
        Program crash
        
        PID:1844
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 720
      4⤵
      Program crash
      PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        8⤵
        Executes dropped EXE
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        11⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        12⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        13⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
        14⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32652.exe
        15⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 724
        15⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 724
        14⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 724
        13⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 724
        12⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 724
        11⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 724
        10⤵
        
        PID:228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 724
        9⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 724
        8⤵
        Program crash
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        7⤵
        Executes dropped EXE
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
        10⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12283.exe
        13⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        14⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 724
        14⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 724
        13⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 724
        11⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 724
        9⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 720
        7⤵
        Program crash
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        10⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        11⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
        12⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
        13⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45226.exe
        14⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 724
        11⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 724
        10⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 724
        9⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 724
        8⤵
        Program crash
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7817.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        10⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        12⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7763.exe
        13⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
        14⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
        13⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 720
        13⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 724
        12⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 724
        9⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 696
        8⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 720
        7⤵
        Program crash
        
        PID:5888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 720
        6⤵
        Program crash
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34190.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        8⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
        6⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        9⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        10⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        11⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        12⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 724
        13⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 724
        12⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 636
        10⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 636
        8⤵
        
        PID:5840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 720
        6⤵
        Program crash
        
        PID:4860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 720
        5⤵
        Program crash
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 464
        6⤵
        Program crash
        
        PID:1660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 724
        5⤵
        Program crash
        
        PID:5032
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 720
      4⤵
      Program crash
      PID:2808
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 720
    3⤵
    - Program crash
    PID:4624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64812.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
        11⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        12⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        13⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        14⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        16⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        17⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 724
        16⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 724
        15⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 724
        14⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 724
        13⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 724
        12⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 724
        11⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 724
        10⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 724
        9⤵
        Program crash
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        11⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        12⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
        13⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 724
        13⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 724
        12⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 724
        10⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 724
        9⤵
        Program crash
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 720
        8⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        11⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
        12⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        13⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        14⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 724
        14⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 724
        13⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 724
        12⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 636
        11⤵
        
        PID:1184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 724
        10⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61590.exe
        10⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32784.exe
        11⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        12⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        14⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 724
        14⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 724
        13⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 724
        10⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 724
        9⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 720
        8⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 720
        7⤵
        Program crash
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        11⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        12⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
        13⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
        14⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        15⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        16⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 724
        13⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 724
        12⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 724
        10⤵
        
        PID:636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 724
        8⤵
        Program crash
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
        10⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48456.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        13⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        14⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        15⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        16⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 724
        12⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 724
        11⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 724
        10⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 724
        9⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 724
        8⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 720
        7⤵
        Program crash
        
        PID:5496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 720
        6⤵
        Program crash
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48196.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        8⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        9⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        11⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
        12⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6411.exe
        13⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        15⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 724
        14⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 636
        13⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 696
        12⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 724
        11⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 724
        9⤵
        Program crash
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 724
        8⤵
        Program crash
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26292.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13733.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        11⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe
        12⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50000.exe
        13⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
        14⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 724
        13⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 724
        12⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 724
        11⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        11⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        12⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
        14⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 724
        11⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 720
        10⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 636
        9⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 724
        8⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 692
        7⤵
        Program crash
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        10⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        11⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
        12⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52662.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 724
        12⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 724
        11⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 724
        10⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 724
        7⤵
        
        PID:5440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 632
        6⤵
        Program crash
        
        PID:4320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 720
        5⤵
        Program crash
        
        PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48196.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48736.exe
        12⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
        13⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26422.exe
        14⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        15⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 724
        14⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 724
        12⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 724
        11⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 724
        10⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        9⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63562.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        12⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        14⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        15⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 724
        14⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 724
        12⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 720
        9⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 724
        8⤵
        Program crash
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        10⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        11⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        12⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        13⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        14⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        15⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 724
        13⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 724
        12⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 636
        11⤵
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 724
        10⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9571.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63702.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        11⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        12⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        13⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 724
        13⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 724
        10⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 724
        9⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 724
        7⤵
        Program crash
        
        PID:6036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 720
        6⤵
        Program crash
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
        10⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48648.exe
        12⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        13⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
        14⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 724
        13⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 724
        12⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 724
        10⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 724
        9⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 724
        8⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 724
        7⤵
        Program crash
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17552.exe
        6⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        10⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
        11⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
        12⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        13⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 724
        12⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 724
        11⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 724
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
        11⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
        12⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 724
        11⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 720
        9⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 724
        8⤵
        
        PID:4732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 720
        6⤵
        Program crash
        
        PID:5568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 720
        5⤵
        Program crash
        
        PID:4060
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 720
      4⤵
      Program crash
      PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10941.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        10⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43412.exe
        12⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41414.exe
        13⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        14⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        15⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 724
        14⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 724
        13⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 724
        11⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 724
        8⤵
        Program crash
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        9⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        11⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        13⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        14⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
        15⤵
        
        PID:876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 724
        14⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 724
        13⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 724
        12⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 724
        11⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 724
        10⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 720
        7⤵
        Program crash
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        6⤵
        Executes dropped EXE
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29058.exe
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26640.exe
        11⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        12⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59678.exe
        13⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 724
        12⤵
        
        PID:264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 724
        11⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 724
        10⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 724
        9⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 724
        7⤵
        
        PID:4132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 720
        6⤵
        Program crash
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        11⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
        13⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        14⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 724
        13⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 724
        12⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 724
        11⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 724
        10⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 724
        9⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 724
        8⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        6⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59732.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
        10⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47828.exe
        11⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
        12⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 724
        12⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 724
        11⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 724
        9⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 724
        8⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 724
        7⤵
        
        PID:2948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 720
        6⤵
        Program crash
        
        PID:5892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 720
        5⤵
        Program crash
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        7⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        10⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        11⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
        12⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
        13⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        14⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 724
        12⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 724
        11⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 724
        10⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 724
        7⤵
        Program crash
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        9⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        11⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        12⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11821.exe
        13⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 636
        11⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 724
        10⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 636
        9⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 724
        8⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 724
        7⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe
        5⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        6⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-355.exe
        8⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        11⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
        12⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
        13⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 724
        12⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 636
        11⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 724
        10⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47880.exe
        10⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        11⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        12⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49782.exe
        13⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        14⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 724
        12⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 724
        11⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 208 -s 720
        9⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 724
        7⤵
        
        PID:3408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 724
        6⤵
        Program crash
        
        PID:2044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 720
        5⤵
        Program crash
        
        PID:2760
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 720
      4⤵
      Program crash
      PID:2524
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 720
    3⤵
    - Program crash
    PID:4736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 720
  2⤵
  - Program crash
  PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2344 -ip 2344
1⤵
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3652 -ip 3652
1⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2892 -ip 2892
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4500 -ip 4500
1⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1172 -ip 1172
1⤵
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 1360 -ip 1360
1⤵
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 944 -ip 944
1⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4596 -ip 4596
1⤵
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2748 -ip 2748
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4152 -ip 4152
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1232 -ip 1232
1⤵
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4528 -ip 4528
1⤵
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2536 -ip 2536
1⤵
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5040 -ip 5040
1⤵
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1788 -ip 1788
1⤵
PID:1148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3248 -ip 3248
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2632 -ip 2632
1⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3976 -ip 3976
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3908 -ip 3908
1⤵
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1548 -ip 1548
1⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2108 -ip 2108
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3464 -ip 3464
1⤵
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4156 -ip 4156
1⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4720 -ip 4720
1⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4816 -ip 4816
1⤵
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4748 -ip 4748
1⤵
PID:2044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1012 -ip 1012
1⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4616 -ip 4616
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3508 -ip 3508
1⤵
PID:1316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1964 -ip 1964
1⤵
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 388 -ip 388
1⤵
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4428 -ip 4428
1⤵
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1700 -ip 1700
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 8 -ip 8
1⤵
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1356 -ip 1356
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1456 -ip 1456
1⤵
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3284 -ip 3284
1⤵
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1384 -ip 1384
1⤵
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1180 -ip 1180
1⤵
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4980 -ip 4980
1⤵
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1852 -ip 1852
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4472 -ip 4472
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 1756 -ip 1756
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2944 -ip 2944
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1584 -ip 1584
1⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 116 -ip 116
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2000 -ip 2000
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4776 -ip 4776
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1184 -ip 1184
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4456 -ip 4456
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1952 -ip 1952
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5116 -ip 5116
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3320 -ip 3320
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3104 -ip 3104
1⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4724 -ip 4724
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3636 -ip 3636
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4580 -ip 4580
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2696 -ip 2696
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4644 -ip 4644
1⤵
PID:724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3472 -ip 3472
1⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3060 -ip 3060
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2200 -ip 2200
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3988 -ip 3988
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2288 -ip 2288
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2748 -ip 2748
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2684 -ip 2684
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5048 -ip 5048
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3216 -ip 3216
1⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2764 -ip 2764
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 924 -ip 924
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 828 -ip 828
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2836 -ip 2836
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4708 -ip 4708
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 4508 -ip 4508
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4844 -ip 4844
1⤵
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1064 -ip 1064
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2744 -ip 2744
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4492 -ip 4492
1⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1632 -ip 1632
1⤵
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3456 -ip 3456
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 264 -ip 264
1⤵
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4556 -ip 4556
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 2892 -ip 2892
1⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2224 -ip 2224
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 1844 -ip 1844
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4468 -ip 4468
1⤵
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 2876 -ip 2876
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2236 -ip 2236
1⤵
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4664 -ip 4664
1⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2248 -ip 2248
1⤵
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4988 -ip 4988
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3128 -ip 3128
1⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 3152 -ip 3152
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2220 -ip 2220
1⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2260 -ip 2260
1⤵
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 5276 -ip 5276
1⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3040 -ip 3040
1⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2884 -ip 2884
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1440 -ip 1440
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5992 -ip 5992
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4728 -ip 4728
1⤵
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3464 -ip 3464
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5144 -ip 5144
1⤵
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5196 -ip 5196
1⤵
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1516 -ip 1516
1⤵
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4612 -ip 4612
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5680 -ip 5680
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5712 -ip 5712
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1884 -ip 1884
1⤵
PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4836 -ip 4836
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5760 -ip 5760
1⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4400 -ip 4400
1⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2072 -ip 2072
1⤵
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2108 -ip 2108
1⤵
PID:1008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1792 -ip 1792
1⤵
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6048 -ip 6048
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5284 -ip 5284
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 3592 -ip 3592
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4560 -ip 4560
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4312 -ip 4312
1⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5212 -ip 5212
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5332 -ip 5332
1⤵
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5396 -ip 5396
1⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1388 -ip 1388
1⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 5668 -ip 5668
1⤵
PID:1568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5584 -ip 5584
1⤵
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3352 -ip 3352
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1692 -ip 1692
1⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1912 -ip 1912
1⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5232 -ip 5232
1⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5496 -ip 5496
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5300 -ip 5300
1⤵
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5548 -ip 5548
1⤵
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5632 -ip 5632
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5564 -ip 5564
1⤵
PID:724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1880 -ip 1880
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5152 -ip 5152
1⤵
PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5864 -ip 5864
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4596 -ip 4596
1⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 6132 -ip 6132
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 1768 -ip 1768
1⤵
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6116 -ip 6116
1⤵
PID:792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2436 -ip 2436
1⤵
PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 5732 -ip 5732
1⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1656 -ip 1656
1⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1432 -ip 1432
1⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6128 -ip 6128
1⤵
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3952 -ip 3952
1⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2944 -ip 2944
1⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5592 -ip 5592
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5140 -ip 5140
1⤵
PID:1232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5884 -ip 5884
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4600 -ip 4600
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5768 -ip 5768
1⤵
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5824 -ip 5824
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5976 -ip 5976
1⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 4872 -ip 4872
1⤵
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5724 -ip 5724
1⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 368 -ip 368
1⤵
PID:2136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5192 -ip 5192
1⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2848 -ip 2848
1⤵
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2664 -ip 2664
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 1660 -ip 1660
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3608 -ip 3608
1⤵
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4432 -ip 4432
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 1628 -ip 1628
1⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5888 -ip 5888
1⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5700 -ip 5700
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4980 -ip 4980
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5236 -ip 5236
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2688 -ip 2688
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2756 -ip 2756
1⤵
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 3172 -ip 3172
1⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 208 -ip 208
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5324 -ip 5324
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 3196 -ip 3196
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5652 -ip 5652
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4860 -ip 4860
1⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 3624 -ip 3624
1⤵
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 2716 -ip 2716
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 2180 -ip 2180
1⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5244 -ip 5244
1⤵
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6000 -ip 6000
1⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5124 -ip 5124
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4736 -ip 4736
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5468 -ip 5468
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2564 -ip 2564
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4304 -ip 4304
1⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5452 -ip 5452
1⤵
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6108 -ip 6108
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5852 -ip 5852
1⤵
PID:1184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 3548 -ip 3548
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 2736 -ip 2736
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5996 -ip 5996
1⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 3244 -ip 3244
1⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1700 -ip 1700
1⤵
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4776 -ip 4776
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3332 -ip 3332
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 3408 -ip 3408
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 3392 -ip 3392
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3064 -ip 3064
1⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5820 -ip 5820
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4540 -ip 4540
1⤵
PID:2136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3092 -ip 3092
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 3108 -ip 3108
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 2684 -ip 2684
1⤵
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 1844 -ip 1844
1⤵
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4912 -ip 4912
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5776 -ip 5776
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 872 -ip 872
1⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 3516 -ip 3516
1⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5556 -ip 5556
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 3040 -ip 3040
1⤵
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 4384 -ip 4384
1⤵
PID:464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 1180 -ip 1180
1⤵
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 2788 -ip 2788
1⤵
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1148 -ip 1148
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5092 -ip 5092
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5488 -ip 5488
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 3096 -ip 3096
1⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4596 -ip 4596
1⤵
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5048 -ip 5048
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 264 -ip 264
1⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 668 -ip 668
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 1260 -ip 1260
1⤵
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4612 -ip 4612
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 2692 -ip 2692
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 2300 -ip 2300
1⤵
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5304 -ip 5304
1⤵
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5856 -ip 5856
1⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5104 -ip 5104
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4228 -ip 4228
1⤵
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5908 -ip 5908
1⤵
PID:1012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3432 -ip 3432
1⤵
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 6028 -ip 6028
1⤵
PID:1172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4964 -ip 4964
1⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4124 -ip 4124
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4864 -ip 4864
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5460 -ip 5460
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5584 -ip 5584
1⤵
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6096 -ip 6096
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2204 -ip 2204
1⤵
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5260 -ip 5260
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6100 -ip 6100
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4560 -ip 4560
1⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 3472 -ip 3472
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4356 -ip 4356
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5708 -ip 5708
1⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 3988 -ip 3988
1⤵
PID:1968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5560 -ip 5560
1⤵
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5416 -ip 5416
1⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 3868 -ip 3868
1⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2572 -ip 2572
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4484 -ip 4484
1⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5900 -ip 5900
1⤵
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6120 -ip 6120
1⤵
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1688 -ip 1688
1⤵
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 2892 -ip 2892
1⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 1300 -ip 1300
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 2964 -ip 2964
1⤵
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4128 -ip 4128
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2488 -ip 2488
1⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 1656 -ip 1656
1⤵
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5748 -ip 5748
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5668 -ip 5668
1⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 1756 -ip 1756
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6076 -ip 6076
1⤵
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 740 -ip 740
1⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3272 -ip 3272
1⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2744 -ip 2744
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 608 -ip 608
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6128 -ip 6128
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3424 -ip 3424
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6092 -ip 6092
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5340 -ip 5340
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2140 -ip 2140
1⤵
PID:1608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1940 -ip 1940
1⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1164 -ip 1164
1⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5636 -ip 5636
1⤵
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 3112 -ip 3112
1⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4660 -ip 4660
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5252 -ip 5252
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5624 -ip 5624
1⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3376 -ip 3376
1⤵
PID:2180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 2312 -ip 2312
1⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5568 -ip 5568
1⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1064 -ip 1064
1⤵
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 3880 -ip 3880
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 1636 -ip 1636
1⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 3248 -ip 3248
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4428 -ip 4428
1⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1612 -ip 1612
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 208 -ip 208
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5480 -ip 5480
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5824 -ip 5824
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6000 -ip 6000
1⤵
PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 1884 -ip 1884
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 2800 -ip 2800
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5028 -ip 5028
1⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5664 -ip 5664
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5800 -ip 5800
1⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 4872 -ip 4872
1⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1692 -ip 1692
1⤵
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 3284 -ip 3284
1⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 3860 -ip 3860
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1304 -ip 1304
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2288 -ip 2288
1⤵
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 1512 -ip 1512
1⤵
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 4400 -ip 4400
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5208 -ip 5208
1⤵
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4644 -ip 4644
1⤵
PID:668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 1536 -ip 1536
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5320 -ip 5320
1⤵
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4720 -ip 4720
1⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5648 -ip 5648
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4100 -ip 4100
1⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 1384 -ip 1384
1⤵
PID:1688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 3160 -ip 3160
1⤵
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2664 -ip 2664
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1228 -ip 1228
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1880 -ip 1880
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 4540 -ip 4540
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1244 -ip 1244
1⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5712 -ip 5712
1⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2692 -ip 2692
1⤵
PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5452 -ip 5452
1⤵
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5692 -ip 5692
1⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5176 -ip 5176
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 1572 -ip 1572
1⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 2724 -ip 2724
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 3088 -ip 3088
1⤵
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5868 -ip 5868
1⤵
PID:2180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5724 -ip 5724
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 860 -ip 860
1⤵
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5584 -ip 5584
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4924 -ip 4924
1⤵
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5708 -ip 5708
1⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 3572 -ip 3572
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1188 -ip 1188
1⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 4532 -ip 4532
1⤵
PID:2180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 4528 -ip 4528
1⤵
PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe

Filesize
468KB

MD5
69d618ba6d2bc58105021b091c3cd4cd

SHA1
34b0ba73b523189d489ebdc9d2c4024eb78ef7ed

SHA256
93ad6f6d6ae7194bf97355392e8f4f87e2b6d72c72504aa499c49b080f13cc00

SHA512
8e2010be9fdf9d1ebc806c5d09341a11d3763c20c20d704ac365be0919e35b9a82773afbb412346d13121e1a3b84576886e2d40ee45e456405b5ce832a96dc98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe

Filesize
468KB

MD5
dbcdb14f7395261117a706876b05bf90

SHA1
b8247d98eb1f89d5b6ac8ee5ad063f99696a7ea3

SHA256
d6c10f908230d8ecc46536572dc28f246044e411d54bfa366abdc99260154d8a

SHA512
f8a43d1377b20235751d5005385e563b9c640fd030a97e5a3a03827c92d96084db0f89307c2938b8f908893c73f2f9908bce29e17120551f077816d872454c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14049.exe

Filesize
468KB

MD5
5b42ac31511081c5c43a0eca0bc67b95

SHA1
757e9aa7de8c9796337dd3662288caacb6a919f8

SHA256
d74a0830be888be3f982cc49e3e4f2fc723a5f7a10aaec6ab7323f272e483852

SHA512
a48c50ee4804d9c5df0663797c1c233c93b360c736d6b4c0885cb029af5dc8644accac939637b0c2a33f3a80f52b5289f8e43802809e5d056af3d3b040943d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe

Filesize
468KB

MD5
2d7d21c561818974d2773c1fc438ac1f

SHA1
3d5d74e7a0cbc228d7e0b8819a9b279e705d46ad

SHA256
5967c446f6b48ba6aeed700d1ed636cdf80f712016c385353f626739d5975e97

SHA512
4e3df7b9a4fda58032f685ed6d0f02e75fbfac66b23e900793433e90afb7f924aabd8b38457a2c6d787a13b8945925f52a6ed1b17e9cbc627568cbf8826a4302

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe

Filesize
468KB

MD5
319a541478e8c22f8c9264f7ff6dff7d

SHA1
8bf453e5d0363db95156083abe17ab61e1598bec

SHA256
a963d00f0fb76849dd533be6c572993564eead2aa7d4c7af502c89d87b2711d8

SHA512
d50f3535554277d0d2b863b0dca91d1c3c6e04545fe298a1a1411ffb8e113ad078c2d9b6ff3292ec343f0e08b773e552bbdd0739e0c696003ec3fbc20b5f1392

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe

Filesize
468KB

MD5
1e2d252ebd2c240cb3a81b8ea0867bfb

SHA1
7f867779ba72d9fbdbcf3f68e1295430b9660c1d

SHA256
e3742f3bac6252f07d9624d049e40450919c5746786729fb466698e382cd3c9f

SHA512
b182f51d7f3902bd9f70ca973d819475bd3cf79580f1d76d385b45ca2380291b2d9e36d677dd5b1c3664e7583d5689e320026624f9d18d8f2bbcd772da506f4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe

Filesize
468KB

MD5
ecce2bca5d974ee912575c50de753a56

SHA1
d99b75dd6ec380a5e6cc2785d07129a0f20f7c1e

SHA256
7bb6971359bbe19f1cfc8061a6f83f4a51ce8c70677a733abf68b23c371da4b3

SHA512
22f62586f91ad30a64b5537e07acf2684804b3dd7e3178f590d7570fdc49f8dd7b0399ca05ffe924258ecdadc3f1cddf00005f8d13c9f30a777d4e939e2ff21b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe

Filesize
468KB

MD5
a298ed3b98b14d6ec785391e82780819

SHA1
572652c8ad5c111bb80043a96710b74b656752e6

SHA256
ebb3a5064abd1e8f54e8bcb164e1dc3bd7e32cd70fd78a465670c2b22b3d6859

SHA512
18f3d815327c8a8afa5be62282303e8f9fff3d18273a91f9f25f1ce1abd893a4bb3839dff360d362bf6fd6b7fd42fcb91f23b3bee5b2570fd2f76f5f3636e34e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe

Filesize
468KB

MD5
fc93406d73cdd8814b130ac003493b80

SHA1
a1139aa207505d1fea310f2da71a3c990ea52a3c

SHA256
3d357197c41cb59795e8709278a1e649752dbde27168ebe2a636d39ef9597e07

SHA512
914bbdeed4972a76c12994821032a42dfbd63e7912d2f0d5304cb746bffc081269528ca0cc0026eaaa6014a1df532efd13265ee18f959adcbf7cd3c08d64c06d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe

Filesize
468KB

MD5
d560e0ede4a80e5e4b53cc8989ff0d78

SHA1
cdc0783b1bbe6afb38fc6b859050d24becd4a3a9

SHA256
dc2a8c1a72c916e49d95b2927c27d354d21df1a0062e6048106e040a7aeba1e7

SHA512
eed85f35c3e5ef35b92848006676a4bba7b8828fe1b5e43a3c6fa8ff4103a53113fd535590092b24a8548fa3d32f630246b89e695f3c292a4c45ac6872c4a7e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe

Filesize
468KB

MD5
fa51b1037cb3d2bae4e37f1939c7a8fd

SHA1
f381c21708be932a7ce392b08b625568f51286a0

SHA256
59217ca7f2afe1c55d20e2dac2bb72eec3f526dfab2d9cc57ddc15ed56d40e81

SHA512
1036adbe6c7e29f772e7f8e856cdb75a2d4c95ae5b8508249fe508fef7fd730714a9d1818b06ba41340bfb2547e6f88479a486b32cf021226f78f7d58fe79795

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe

Filesize
468KB

MD5
efaef983335cecaf0d7db3ccab853100

SHA1
c517b96b110a26bffe1e04c46f9c0d1f43fdf542

SHA256
36be6ffc53490db5ea7808868302e3e4df322899ac63de3eccee1dd817074c10

SHA512
a61fdc52258e25e28df22ad103aa8f71a953e8c113101ec4a4e16b888ef990ffb7bf4da9741a9d2831aead1999f4980ca686813f6a6e373e4ddc1bf5f12e9794

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe

Filesize
468KB

MD5
aa5e892deb47f1ce2dfad6b22fc559c1

SHA1
cc862eacdafdb094c9bc76b54c23e9fdef7fbe4b

SHA256
3a2d34b4e71ca54bdc984c333a6013a13eb4b4367191bd9c064f4b0d103b8d7e

SHA512
bceae58ab0b72eeaf5cc75c6eb09dd723b16631f92bbf9782cd98bed207ec8e48c69b8a159bb228e112b05739a96c6504d19a0122ea7904bec8ca91f406e6715

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe

Filesize
468KB

MD5
4928fa982d2854941f27c12d67b0e461

SHA1
786cc906c3b784b8b79c55bd4e8cdc8e7a99f53f

SHA256
e707e0361ac21531c881a0735fa7bbaeda87da9558d0d6baa97e8bdf3dd22b24

SHA512
14b8f64b0e9aad60fd21116ae122e54b427ad5f7811818fc8d66d51e7e06ab06be303564530520b80257165f731e59d260cf8e040d0bb739107b5492ef426bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe

Filesize
468KB

MD5
349be604cbf818cca81cc233959d80dc

SHA1
5cd1763ec29de2742fd78e3e6d418cea2c24b009

SHA256
2e305d6a6ab556be2283676d6c746ea97b41080c81f73b415af0d4e67ae3f40a

SHA512
a6368b38d2d888ac5cceb85487ef4d33cf9c5ac9913ee34e1a260159bdea80273639a6a8eee71182c344ba04e3067fa73612ef19259a6fdc5c6f027f3abf4a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exe

Filesize
468KB

MD5
7b723bd3ab9e63e1b209283c6e9206de

SHA1
1a566b52c07f4318b8f902e6186ad37489166008

SHA256
d2c4fe9b3c6445fb8d70fa86567373a0ce746a91349d6b493c92150560efb767

SHA512
def9f3b9970e70a03ece08b3a937d6c42b33ae61371a94e18c46d7bfcf428e11779b2e47d9fcf812a6eef97e4dcefb1bff04968abd3f86f78e2ad7e5fd8ccc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe

Filesize
468KB

MD5
23533f05e6410009ee4eff3fe756b3cf

SHA1
bc88a8679aad7e0c7f29a6a2aa1f21a738808130

SHA256
58cd4039637013c831a2c137ba6fbd03f5d651f9342a818afdc96af02f61c747

SHA512
a7f2c846f348a774efa9ca2a072e42a17fd4d595c9fec82c379dbd6326121d8967a7ccdefde9a8b2c3d91acbda4c8cb552547856868cd5fbc187f2b397c80e3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe

Filesize
468KB

MD5
cebc313c54d067b222f3470cdac6df1d

SHA1
e90a0a7878486b25c27a9a13f5100ea4b7e85e17

SHA256
42df42e72b3c93039e35b5174e2b1f5f143a60d78cc6731d31da0ead9aa19dde

SHA512
193d7378701fc0d50c90547f1b6f5bdb66cf91435936784fa2d2154f42e8ebcd2e305514dadb43f16f0fe698d41c0435e7952bd6e1dc4d728b6d38ad1d15e600

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe

Filesize
468KB

MD5
0f845cad39edb6955ba1e224fcfdfd54

SHA1
fefc6291ef79ef8a083111da3f82e4d095da94dc

SHA256
624ac332125b301235b6b021b3897e4c7e4c5b32749b07639a8d6aeba8eb69b9

SHA512
680bde0f7a61263e66ed972dbce853c460130f32d209a0d19b3cc880f6dc3694469d272041a1eb3e788d3cc0700b550f287a2897adeacfd19640faa202f01b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe

Filesize
468KB

MD5
8a4dba55cb53796c7f101858f0608b28

SHA1
2186774611060fdb193ba5d02d7b2f60bc4f5933

SHA256
043730809eb6cb05d7d5a6f07896b11810d59e388021e3c1d2b233416b30187e

SHA512
bb9b3c74dfb109e1a4abdacc9a71a6f79850cfa046a356553ba383b0b1b5264b44cc5680679162679aecc023cd28bb068cedca755a40c744bf80936805b95919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe

Filesize
468KB

MD5
b0acb661b016af48541ab1adfeeb82a9

SHA1
646427eac0392098cb1f767fe85af4993e2589aa

SHA256
e53e6f54c05f5ea594dece2b24fa3ba37adf6d664befc182a42e05e615ec49a6

SHA512
dabdc7f7fd34015a0bdbdc442d5005e47181add98a7dfe54fe7cb4ef5fa6ffdb899a142cf49213d8d02a5c964d87d55a28d3c4ac7bdd444769597279cfb90ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe

Filesize
468KB

MD5
c60676be2cc220218f195c82571cf7bf

SHA1
344b9ed6cde38339eee8ad26b1ce45731fd1200b

SHA256
2a8195bf2a1beeb4f4ff8ea3d3ded9897fb12de7d46826fd36ef4111e0a6632d

SHA512
aa69dac6008c8a953cbc7b6b29d305be28f64b96ed75db4d79c139fcc7d18bf07bd8b1d27ba0f8677013b798ac48eeaabd40d6bfe46d36ee8e1eacea4a0138f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe

Filesize
468KB

MD5
fc6cd6a2519e904bc211bf923cbd0f12

SHA1
71466bc1ade5c0be644fbcf0abd838337d9ca8a7

SHA256
86a2c4ad85dcb1b4274d03702c019d48f527d01f17e8f0e568661e4509aaf07f

SHA512
b2b555a4f9904e89eabc4e6a5ff6a1ea490571c53bf806bb8484abd6c512fd6200caa2d59c6e7e9451f9c68d0f025a433a14768f028056e9c578f0a490c6285a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe

Filesize
468KB

MD5
2a888568889f07887d357eac36429e06

SHA1
d3ad64048433ff7358ec6674a68d516e88c88c1f

SHA256
a95f02036f29a72a06da26789b96464cf21228e11dd6ef71017835ff40e10c32

SHA512
144459a28681442443a921b9151e9f43222d8dccace667d2ae4081ade4205b36ca24ff77079551f28b89e66affbbbd69c4b726bc93e4a97759991d28c4185a53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe

Filesize
468KB

MD5
bbd49d581c19253ca1466ec08317f3b5

SHA1
0f182f48989c51e135716520f6fbf5e4266e6f36

SHA256
ba04bbf90cba622fad7dc65dd78ea002a48841ad33344e276094bd8a67864ddf

SHA512
21010333c7d0e314d195747a0c483a33b46c86292a809f0b524e3ba6f09f06876ab10ce7a5c2940d69b026028c90767d118edb2fdce55f5a59ee6bae6e2a70d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe

Filesize
468KB

MD5
6b2af94b44bb10f84952064c494a4c12

SHA1
1b372c630249cb53231044d60e538619cf991c9f

SHA256
53fb8741f7e742c9a2ba17e2b6e78429186925861f057d5b24c8e233f2baffb2

SHA512
8b99c989542a66f3730c56c8b5870e7d4f3974ff2f288a2e8794c74c932c624edfbd0f3c4674e425ef0a53de3cc9016cfa59ca90f4a7bedff831024025af8e9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe

Filesize
468KB

MD5
852e21b37eb4ee91caf80a9bae01f679

SHA1
d24ee99a0a3a1a48e44f7995636cc4831a3dc875

SHA256
5af9ef2c84134747bcd033ce2d9c7a584bd5b22039e9ecda3889bd9996aea338

SHA512
90d3b29b1f308c02dc8a1b29a35e10ac332c4eefb06c9adb02c0e762b2d6f43123f5c2f3182ef7920c40aa3d2707de02cc7ecda3c648750c1b2f3cc5a09630b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe

Filesize
468KB

MD5
4f11e9fc2f98dcdff25a02b1093643cb

SHA1
733a34b9574e2be815dc9c991cc8d002cdc6614b

SHA256
83518208d9ef049e43919d852e33537106632fcdb05be5ab66aba65315d2d246

SHA512
13a0714c42e037a1f7417f98fb63d518fa13e2a97d27aa8b4cfff0b219ab8087b974bfba1c4c5da0f35ae7022b87b41c5dc64980b2b68301e47997de751192ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe

Filesize
468KB

MD5
877669a64e5e0071da3991dc85601380

SHA1
c341ba5098ca443a9ffe4cf533caac23c3a6c2ab

SHA256
033ade2cbde9a85a81b159dc15e07e621612ff55da6b48fa4490bd7656ea3874

SHA512
e6f698ed958cf7f2a00cbe67231081415fbfb6c4188f13ea3e454d74aa06fd301643e7fbfbfac7a3489165b4672c7802aa80bfc79307ac2c44efe99322ccce2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe

Filesize
468KB

MD5
c65006150bc1e7e01fdbf18707e4dc64

SHA1
08b847e1b995af83166d29da3e53b3a8f160eb42

SHA256
dc2f792175e9dff121ee205ff6793a3ef45177ebcb173f07efbde6b92fad2868

SHA512
a6d9ec55a3ee607d44f76135d5e2ec02f198383a0db2145f61843c3d5a8e39192c1a190ccf91bd95e095922f967db43992cf0ba256c7942f746377bafb1b2546

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe

Filesize
468KB

MD5
fab9ee8b7be874123d85e616fcad3fd3

SHA1
267bd0876aae3236e332ac1f88e60a1aab5e1ca3

SHA256
395b2e8b578afdcca951eb44c7922999bae6573f81c5f0083b2fcc5d40bc5c35

SHA512
13a9fb2e7661f5b55fe6e3b697f3e257c328d6c77f49a7a5049a2a2c4e6febb11ae5e24d01e3ea2796cf95b66c8c8130ca31ed7b845307635c59990cccaf37ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe

Filesize
468KB

MD5
4bb6182274c05e87f1420307f64e58ce

SHA1
c5a655d1e03582cda5fd90ee6fada3c93868f5ee

SHA256
e33b4c1310d8009f73f299d754fc7ada7d57a9be7458550fa630cf926d4daaac

SHA512
391613209f6e6e665f8f31ad10c256db1f30cbf623536a949282925a0203e43df77e32a6716de985298318ab4718ec880cc518fee4999544658c0d759902d996

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe

Filesize
468KB

MD5
8abe4a37674c370ea42924100d5ccbcf

SHA1
d162f8522a016e781439ad249aac1110d7ee2796

SHA256
cac44776a1e56dc59d4333366e468bd1f6a312656811fae9d063854deb3bbf02

SHA512
375c3366fed2901812bd2835041df7b15bec1e30b5ad546c8fabe5e1379b0702cee6493523378e3c283850b95857299ead1b8ec3e802d7b6d66e3ffc421761c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe

Filesize
468KB

MD5
1ec43684d01fcb7cca3e8c6d075b57c6

SHA1
ffa41e1236e5b984b1cdc99cb65759abb179a4ca

SHA256
b2bbe43c216f178b416a4825e642bd804570a5bf43df4cc2b086d4a82f8b861f

SHA512
1cf8e90c5c26d459a7c0691c996afc784d824568a3d4c26892b0b71d023123b28f6d1c6c972992f9ef1dbb528f52b957ab5ffcb10c7a3313d337b9d7b900588c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe

Filesize
468KB

MD5
8738c07cc13ceb87fbc266e36eee6f59

SHA1
44178b85887ceaef65ff6a17b4ed7b2d7cab15af

SHA256
120b32c70150a885c154fbbab51b56508d6e7531eeffc18438d2943f426d6af9

SHA512
8c21586a4f6f2da62e96b2cbeb50d8f27e16c9edc0d52392c753d65814b6821791270ee78ec4580f278d6d04f8cf0400f1921c2c1b2b16e525bb38df52cfb610

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64812.exe

Filesize
468KB

MD5
2c3cb75ca99bbc22958853fbd646e205

SHA1
15e080539482fec706a838680b69bf018af2ff8a

SHA256
9c643771a5d9877a31d75f7b101f9425ddc057cc8037c59a4785eaab58d41db4

SHA512
c86c497c421b3bfe3be38ec6ac5c76f6e9757f9ba1b330d0ac761faed7ebf0669b5e8aa82bf6950da38a20a29b316087ce13d319ac11d59afe6414b17bff021b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe

Filesize
468KB

MD5
3931d7f0f214d850def93a4ec5b5b701

SHA1
f44233984048bce4979426e4e525512f0d05cd89

SHA256
1b0163464be71af4e1b575d6ff40e25d1b719089a282fd16694971e58f4f24c1

SHA512
ec5901e48ceb6c2bb782ecfa8a4b2cf97c61f8844bd557910748860e46928b1504ae8f00ff6814df719e8e5797495fe496f3471e88d5ef974fe73829c654e68b

Download Submit
memory/8-206-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/116-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/264-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/388-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/944-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/944-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1012-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1172-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1172-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1180-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1184-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1232-57-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1232-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1360-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1360-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1384-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1548-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1548-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1584-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1700-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1756-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1788-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1788-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1852-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1952-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2000-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2108-127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2108-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2260-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2288-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2344-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2344-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2632-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2632-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2696-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2744-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2748-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2748-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2748-123-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2944-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3060-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3216-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3248-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3248-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3284-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3320-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3464-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3464-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3472-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3508-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3636-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3652-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3652-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3908-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3908-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3976-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3976-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3988-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4152-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4152-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4156-148-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4428-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4500-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4500-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4508-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4528-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4528-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4580-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4616-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4644-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4708-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4720-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4720-156-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4724-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4748-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4776-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4816-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4980-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5048-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5116-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download