3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95

Analysis

max time kernel
120s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
Size

468KB
MD5

cc7ac5c5b76c78bbe916cdb886ff8e80
SHA1

6c1e1979c3a27c12d01c26aab2999f2c38434b1a
SHA256

3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95
SHA512

28a352eb07d01a95ca6e1dfd819d88d9517782b050661b93696aad7210cc40ca05329441cc8185f4c6026133c2d7a8d14e7a7771d33f1a8a6f962f7440fac627
SSDEEP

3072:/owDovIuU35/obYJPgH5OfY/45RznIKXLTHdnShorVowmR9r6yli:/ooouJ/oiPu5OfnT17rV1W9r6

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 63 IoCs

pid	Process
2088	Unicorn-29988.exe
4248	Unicorn-41420.exe
1720	Unicorn-29722.exe
4688	Unicorn-25956.exe
1148	Unicorn-22426.exe
1408	Unicorn-59012.exe
4972	Unicorn-53444.exe
1524	Unicorn-61612.exe
4428	Unicorn-58083.exe
424	Unicorn-12411.exe
1344	Unicorn-17050.exe
4988	Unicorn-11939.exe
4956	Unicorn-33298.exe
4712	Unicorn-4155.exe
4352	Unicorn-8794.exe
4556	Unicorn-46916.exe
4760	Unicorn-30388.exe
4200	Unicorn-30388.exe
232	Unicorn-27242.exe
4164	Unicorn-12907.exe
364	Unicorn-25714.exe
2172	Unicorn-53748.exe
4328	Unicorn-14251.exe
5108	Unicorn-14443.exe
4780	Unicorn-30780.exe
3920	Unicorn-47116.exe
1908	Unicorn-53675.exe
4836	Unicorn-8003.exe
2236	Unicorn-16172.exe
4904	Unicorn-37146.exe
4888	Unicorn-37146.exe
1584	Unicorn-7339.exe
3448	Unicorn-11978.exe
1592	Unicorn-48180.exe
1108	Unicorn-64900.exe
916	Unicorn-53203.exe
2220	Unicorn-23100.exe
4240	Unicorn-27738.exe
1992	Unicorn-16084.exe
5036	Unicorn-8299.exe
1324	Unicorn-12938.exe
1672	Unicorn-10027.exe
2624	Unicorn-34532.exe
2424	Unicorn-31002.exe
848	Unicorn-10219.exe
3924	Unicorn-64059.exe
3024	Unicorn-18388.exe
3760	Unicorn-34724.exe
2836	Unicorn-42892.exe
4180	Unicorn-56083.exe
4272	Unicorn-56083.exe
3660	Unicorn-20308.exe
4344	Unicorn-40130.exe
3560	Unicorn-3203.exe
408	Unicorn-52212.exe
4896	Unicorn-52212.exe
2912	Unicorn-46483.exe
1176	Unicorn-811.exe
5016	Unicorn-54843.exe
1504	Unicorn-9171.exe
1196	Unicorn-30530.exe
4360	Unicorn-9363.exe
396	Unicorn-5066.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4468	1684	WerFault.exe	82
4444	2088	WerFault.exe	86
2740	4248	WerFault.exe	87
2248	1720	WerFault.exe	88
960	4688	WerFault.exe	92
4272	1148	WerFault.exe	93
444	1408	WerFault.exe	94
684	424	WerFault.exe	98
3900	4972	WerFault.exe	97
5016	4428	WerFault.exe	100
4440	1344	WerFault.exe	101
680	1524	WerFault.exe	99
2576	4988	WerFault.exe	106
756	4956	WerFault.exe	107
3176	4352	WerFault.exe	109
548	4712	WerFault.exe	108
1596	4200	WerFault.exe	112
828	232	WerFault.exe	113
4556	4164	WerFault.exe	120
1772	2172	WerFault.exe	122
1644	364	WerFault.exe	121
3324	4328	WerFault.exe	123
5620	4904	WerFault.exe	130
5880	1584	WerFault.exe	142
3784	1108	WerFault.exe	145
5456	916	WerFault.exe	146
1196	4252	WerFault.exe	198
4856	4884	WerFault.exe	201
5928	4376	WerFault.exe	196
7016	3944	WerFault.exe	238
6324	3360	WerFault.exe	281
2780	876	WerFault.exe	311
6952	6104	WerFault.exe	324
5732	4952	WerFault.exe	316
1400	2404	WerFault.exe	401
7088	6744	WerFault.exe	502
5136	6508	WerFault.exe	546
6808	6484	WerFault.exe	503
1708	4784	WerFault.exe	576
5944	6804	WerFault.exe	563
4328	1196	WerFault.exe	600
5208	4344	WerFault.exe	526
7024	6764	WerFault.exe	705
1704	756	WerFault.exe	818
5420	6640	WerFault.exe	748
4684	3660	WerFault.exe	754
3056	3660	WerFault.exe	754
5672	1200	Process not Found	856
5872	940	Process not Found	875
5044	244	Process not Found	835
1400	6616	Process not Found	826
7092	4960	Process not Found	880
5800	5660	Process not Found	853
6096	1892	Process not Found	876
364	848	Process not Found	868
6492	1716	Process not Found	871
3788	4772	Process not Found	865
6120	4856	Process not Found	901
6928	636	Process not Found	872
4816	6236	Process not Found	882
4516	5824	Process not Found	902
4164	6180	Process not Found	867
4380	6672	Process not Found	866
5260	2800	Process not Found	862

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27738.exe

Suspicious use of SetWindowsHookEx 63 IoCs

pid	Process
1684	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
2088	Unicorn-29988.exe
4248	Unicorn-41420.exe
1720	Unicorn-29722.exe
4688	Unicorn-25956.exe
1148	Unicorn-22426.exe
1408	Unicorn-59012.exe
4972	Unicorn-53444.exe
424	Unicorn-12411.exe
4428	Unicorn-58083.exe
1524	Unicorn-61612.exe
1344	Unicorn-17050.exe
4988	Unicorn-11939.exe
4956	Unicorn-33298.exe
4352	Unicorn-8794.exe
4712	Unicorn-4155.exe
232	Unicorn-27242.exe
4200	Unicorn-30388.exe
4760	Unicorn-30388.exe
4556	Unicorn-46916.exe
4164	Unicorn-12907.exe
364	Unicorn-25714.exe
2172	Unicorn-53748.exe
4328	Unicorn-14251.exe
5108	Unicorn-14443.exe
4836	Unicorn-8003.exe
1908	Unicorn-53675.exe
4780	Unicorn-30780.exe
3920	Unicorn-47116.exe
4904	Unicorn-37146.exe
2236	Unicorn-16172.exe
4888	Unicorn-37146.exe
1584	Unicorn-7339.exe
3448	Unicorn-11978.exe
1108	Unicorn-64900.exe
1592	Unicorn-48180.exe
916	Unicorn-53203.exe
2220	Unicorn-23100.exe
4240	Unicorn-27738.exe
1992	Unicorn-16084.exe
5036	Unicorn-8299.exe
1324	Unicorn-12938.exe
1672	Unicorn-10027.exe
2624	Unicorn-34532.exe
2836	Unicorn-42892.exe
2424	Unicorn-31002.exe
3024	Unicorn-18388.exe
848	Unicorn-10219.exe
4272	Unicorn-56083.exe
3760	Unicorn-34724.exe
4180	Unicorn-56083.exe
3924	Unicorn-64059.exe
3660	Unicorn-20308.exe
4344	Unicorn-40130.exe
3560	Unicorn-3203.exe
408	Unicorn-52212.exe
1176	Unicorn-811.exe
2912	Unicorn-46483.exe
4896	Unicorn-52212.exe
5016	Unicorn-54843.exe
1196	Unicorn-30530.exe
4360	Unicorn-9363.exe
1504	Unicorn-9171.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2088	1684	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	86
PID 1684 wrote to memory of 2088	1684	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	86
PID 1684 wrote to memory of 2088	1684	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	86
PID 2088 wrote to memory of 4248	2088	Unicorn-29988.exe	87
PID 2088 wrote to memory of 4248	2088	Unicorn-29988.exe	87
PID 2088 wrote to memory of 4248	2088	Unicorn-29988.exe	87
PID 1684 wrote to memory of 1720	1684	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	88
PID 1684 wrote to memory of 1720	1684	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	88
PID 1684 wrote to memory of 1720	1684	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	88
PID 4248 wrote to memory of 4688	4248	Unicorn-41420.exe	92
PID 4248 wrote to memory of 4688	4248	Unicorn-41420.exe	92
PID 4248 wrote to memory of 4688	4248	Unicorn-41420.exe	92
PID 2088 wrote to memory of 1148	2088	Unicorn-29988.exe	93
PID 2088 wrote to memory of 1148	2088	Unicorn-29988.exe	93
PID 2088 wrote to memory of 1148	2088	Unicorn-29988.exe	93
PID 1720 wrote to memory of 1408	1720	Unicorn-29722.exe	94
PID 1720 wrote to memory of 1408	1720	Unicorn-29722.exe	94
PID 1720 wrote to memory of 1408	1720	Unicorn-29722.exe	94
PID 4688 wrote to memory of 4972	4688	Unicorn-25956.exe	97
PID 4688 wrote to memory of 4972	4688	Unicorn-25956.exe	97
PID 4688 wrote to memory of 4972	4688	Unicorn-25956.exe	97
PID 1408 wrote to memory of 424	1408	Unicorn-59012.exe	98
PID 1408 wrote to memory of 424	1408	Unicorn-59012.exe	98
PID 1408 wrote to memory of 424	1408	Unicorn-59012.exe	98
PID 1148 wrote to memory of 1524	1148	Unicorn-22426.exe	99
PID 1148 wrote to memory of 1524	1148	Unicorn-22426.exe	99
PID 1148 wrote to memory of 1524	1148	Unicorn-22426.exe	99
PID 4248 wrote to memory of 4428	4248	Unicorn-41420.exe	100
PID 4248 wrote to memory of 4428	4248	Unicorn-41420.exe	100
PID 4248 wrote to memory of 4428	4248	Unicorn-41420.exe	100
PID 1720 wrote to memory of 1344	1720	Unicorn-29722.exe	101
PID 1720 wrote to memory of 1344	1720	Unicorn-29722.exe	101
PID 1720 wrote to memory of 1344	1720	Unicorn-29722.exe	101
PID 424 wrote to memory of 4988	424	Unicorn-12411.exe	106
PID 424 wrote to memory of 4988	424	Unicorn-12411.exe	106
PID 424 wrote to memory of 4988	424	Unicorn-12411.exe	106
PID 1408 wrote to memory of 4956	1408	Unicorn-59012.exe	107
PID 1408 wrote to memory of 4956	1408	Unicorn-59012.exe	107
PID 1408 wrote to memory of 4956	1408	Unicorn-59012.exe	107
PID 4972 wrote to memory of 4712	4972	Unicorn-53444.exe	108
PID 4972 wrote to memory of 4712	4972	Unicorn-53444.exe	108
PID 4972 wrote to memory of 4712	4972	Unicorn-53444.exe	108
PID 4688 wrote to memory of 4352	4688	Unicorn-25956.exe	109
PID 4688 wrote to memory of 4352	4688	Unicorn-25956.exe	109
PID 4688 wrote to memory of 4352	4688	Unicorn-25956.exe	109
PID 4428 wrote to memory of 4556	4428	Unicorn-58083.exe	110
PID 4428 wrote to memory of 4556	4428	Unicorn-58083.exe	110
PID 4428 wrote to memory of 4556	4428	Unicorn-58083.exe	110
PID 1524 wrote to memory of 4760	1524	Unicorn-61612.exe	111
PID 1524 wrote to memory of 4760	1524	Unicorn-61612.exe	111
PID 1344 wrote to memory of 4200	1344	Unicorn-17050.exe	112
PID 1524 wrote to memory of 4760	1524	Unicorn-61612.exe	111
PID 1344 wrote to memory of 4200	1344	Unicorn-17050.exe	112
PID 1344 wrote to memory of 4200	1344	Unicorn-17050.exe	112
PID 1148 wrote to memory of 232	1148	Unicorn-22426.exe	113
PID 1148 wrote to memory of 232	1148	Unicorn-22426.exe	113
PID 1148 wrote to memory of 232	1148	Unicorn-22426.exe	113
PID 4988 wrote to memory of 4164	4988	Unicorn-11939.exe	120
PID 4988 wrote to memory of 4164	4988	Unicorn-11939.exe	120
PID 4988 wrote to memory of 4164	4988	Unicorn-11939.exe	120
PID 424 wrote to memory of 364	424	Unicorn-12411.exe	121
PID 424 wrote to memory of 364	424	Unicorn-12411.exe	121
PID 424 wrote to memory of 364	424	Unicorn-12411.exe	121
PID 4956 wrote to memory of 2172	4956	Unicorn-33298.exe	122

C:\Users\Admin\AppData\Local\Temp\3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
"C:\Users\Admin\AppData\Local\Temp\3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30780.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        9⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        10⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        11⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
        12⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        13⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        14⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
        15⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        16⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        17⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        14⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47396.exe
        15⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        16⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        17⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        9⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        10⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        11⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54084.exe
        12⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
        13⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        14⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        15⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47980.exe
        16⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        17⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        18⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        8⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
        10⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        11⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
        12⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        13⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        14⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
        15⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        16⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        17⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        18⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 696
        15⤵
        Program crash
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        9⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        10⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 724
        10⤵
        Program crash
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 748
        7⤵
        Program crash
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        9⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47428.exe
        10⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
        11⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        12⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        13⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        14⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        15⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        16⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        17⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
        8⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
        10⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        11⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
        12⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        13⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        14⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
        15⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        16⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        17⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 668
        12⤵
        Program crash
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        10⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        11⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        12⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        13⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        14⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        15⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64508.exe
        16⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43860.exe
        17⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        18⤵
        
        PID:1748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 724
        6⤵
        Program crash
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9171.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        9⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        11⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47828.exe
        12⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        13⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        14⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10395.exe
        15⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        16⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        17⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        18⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        9⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
        10⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        11⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        12⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        13⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        14⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        15⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        16⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        17⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 640
        9⤵
        Program crash
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45508.exe
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48132.exe
        12⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        13⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        14⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
        15⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        16⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        17⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        18⤵
        
        PID:824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 740
        7⤵
        Program crash
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        10⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        11⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        12⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
        13⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
        14⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        15⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        9⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
        10⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        11⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        12⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64972.exe
        13⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        14⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        15⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        16⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        17⤵
        
        PID:6004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 720
        6⤵
        Program crash
        
        PID:3176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 740
        5⤵
        Program crash
        
        PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35020.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        10⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        11⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        12⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        13⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
        14⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        15⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        16⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        16⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
        17⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        18⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        19⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
        10⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        11⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        12⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
        13⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        14⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        15⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        15⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        16⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        17⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        18⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        10⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        11⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7203.exe
        12⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
        13⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        14⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        14⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        15⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
        16⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        10⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
        11⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        12⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
        13⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        14⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        15⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        16⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        17⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        18⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 632
        10⤵
        Program crash
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
        10⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        11⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        12⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21444.exe
        13⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        7⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        10⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-763.exe
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        12⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        13⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47980.exe
        14⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
        15⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        16⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
        9⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        11⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        12⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18564.exe
        13⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
        14⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        15⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        6⤵
        
        PID:4816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 752
        5⤵
        Program crash
        
        PID:5016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 716
      4⤵
      Program crash
      PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        10⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        11⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        12⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        13⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        14⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        15⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
        16⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        17⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        18⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        14⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63156.exe
        15⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        16⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        17⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 652
        13⤵
        Program crash
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        9⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        11⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        12⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        13⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21356.exe
        14⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33756.exe
        15⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        9⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
        10⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        11⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        12⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        13⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
        14⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        15⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64508.exe
        16⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        17⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
        18⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        7⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
        11⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        12⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        13⤵
        
        PID:756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 720
        14⤵
        Program crash
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        10⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
        11⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
        12⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        13⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        15⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
        16⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        17⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 740
        8⤵
        Program crash
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        6⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        8⤵
        
        PID:2028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 664
        6⤵
        Program crash
        
        PID:5620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 744
        5⤵
        Program crash
        
        PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        7⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        9⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        10⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        11⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        12⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        13⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        14⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        15⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
        16⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
        17⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
        17⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 628
        12⤵
        Program crash
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 724
        10⤵
        Program crash
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        10⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        11⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42092.exe
        12⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        13⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        14⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9739.exe
        15⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        16⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 636
        11⤵
        Program crash
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        6⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        6⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
        10⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        11⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
        12⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        13⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        14⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        15⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        16⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        17⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 612
        15⤵
        Program crash
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 696
        7⤵
        Program crash
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        9⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        11⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        12⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        13⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        14⤵
        
        PID:6408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 232 -s 720
        5⤵
        Program crash
        
        PID:828
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 716
      4⤵
      Program crash
      PID:4272
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 724
    3⤵
    - Program crash
    PID:4444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
        9⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        10⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        11⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
        13⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        14⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        15⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        16⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        17⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        10⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 720
        8⤵
        Program crash
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46748.exe
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        10⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        11⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        12⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        13⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
        14⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        15⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        16⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
        17⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        18⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        11⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37676.exe
        12⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        13⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        14⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48556.exe
        15⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
        16⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        17⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 752
        7⤵
        Program crash
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
        11⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        12⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        13⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        14⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        15⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        16⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        16⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        17⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        18⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        19⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 652
        10⤵
        Program crash
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        10⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17484.exe
        11⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        12⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        13⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
        14⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe
        15⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        16⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        11⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        12⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        13⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
        14⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
        15⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        16⤵
        
        PID:5680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 716
        6⤵
        Program crash
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21756.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        10⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        11⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
        12⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        13⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        14⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        15⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
        16⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
        17⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        18⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        10⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16524.exe
        11⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        12⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        13⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        14⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        15⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 636
        12⤵
        Program crash
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        10⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        11⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        12⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
        13⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
        14⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
        15⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        16⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        7⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
        9⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        10⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11323.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        12⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        13⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        14⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        15⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        16⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        17⤵
        
        PID:4976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 736
        6⤵
        Program crash
        
        PID:1644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 424 -s 736
        5⤵
        Program crash
        
        PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64900.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        10⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48020.exe
        11⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        12⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
        13⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        14⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34988.exe
        15⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        16⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        17⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        18⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        19⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        14⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
        15⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        16⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
        17⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 628
        7⤵
        Program crash
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54843.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        9⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56380.exe
        10⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        11⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
        12⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
        13⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        14⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        14⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        15⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        16⤵
        
        PID:400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 756
        6⤵
        Program crash
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        7⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        10⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
        11⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18252.exe
        12⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        13⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        14⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        15⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        16⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        17⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
        9⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        10⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        11⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37676.exe
        12⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        13⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11459.exe
        14⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        15⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        6⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
        8⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        9⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
        11⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        12⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        13⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37042.exe
        13⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        15⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 636
        13⤵
        Program crash
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 636
        13⤵
        Program crash
        
        PID:3056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 736
        10⤵
        Program crash
        
        PID:6808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 628
        6⤵
        Program crash
        
        PID:5456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 744
        5⤵
        Program crash
        
        PID:756
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 720
      4⤵
      Program crash
      PID:444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        9⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        10⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21412.exe
        11⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
        12⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
        13⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        14⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
        15⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15603.exe
        16⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        17⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        18⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
        9⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        10⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        11⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
        12⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        13⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        14⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7523.exe
        15⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        6⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        10⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        11⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2875.exe
        12⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        13⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        14⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63164.exe
        15⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
        16⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        17⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31002.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        6⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        10⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57556.exe
        11⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        12⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        13⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        14⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 652
        10⤵
        Program crash
        
        PID:1400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 724
        7⤵
        Program crash
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        7⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        10⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        11⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        12⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        13⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        14⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        15⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 656
        10⤵
        Program crash
        
        PID:5944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 676
        5⤵
        Program crash
        
        PID:1596
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 720
      4⤵
      Program crash
      PID:4440
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 720
    3⤵
    - Program crash
    PID:2248
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 708
  2⤵
  - Program crash
  PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1684 -ip 1684
1⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2088 -ip 2088
1⤵
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4248 -ip 4248
1⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1720 -ip 1720
1⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4688 -ip 4688
1⤵
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1148 -ip 1148
1⤵
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1408 -ip 1408
1⤵
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 424 -ip 424
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4972 -ip 4972
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4428 -ip 4428
1⤵
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1524 -ip 1524
1⤵
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1344 -ip 1344
1⤵
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4988 -ip 4988
1⤵
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4956 -ip 4956
1⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4352 -ip 4352
1⤵
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4712 -ip 4712
1⤵
PID:2416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4200 -ip 4200
1⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 232 -ip 232
1⤵
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4556 -ip 4556
1⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4760 -ip 4760
1⤵
PID:2904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4164 -ip 4164
1⤵
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 364 -ip 364
1⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2172 -ip 2172
1⤵
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4328 -ip 4328
1⤵
PID:1112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1908 -ip 1908
1⤵
PID:1152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4836 -ip 4836
1⤵
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5108 -ip 5108
1⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4780 -ip 4780
1⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3920 -ip 3920
1⤵
PID:636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2236 -ip 2236
1⤵
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4904 -ip 4904
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4888 -ip 4888
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1584 -ip 1584
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 1108 -ip 1108
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 916 -ip 916
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3024 -ip 3024
1⤵
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1592 -ip 1592
1⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1992 -ip 1992
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1504 -ip 1504
1⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4360 -ip 4360
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5016 -ip 5016
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 1196 -ip 1196
1⤵
PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3448 -ip 3448
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 396 -ip 396
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1324 -ip 1324
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4896 -ip 4896
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2828 -ip 2828
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4240 -ip 4240
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2220 -ip 2220
1⤵
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 1708 -ip 1708
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 1672 -ip 1672
1⤵
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 2912 -ip 2912
1⤵
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5036 -ip 5036
1⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4700 -ip 4700
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4652 -ip 4652
1⤵
PID:2004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4508 -ip 4508
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4252 -ip 4252
1⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4376 -ip 4376
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 4368 -ip 4368
1⤵
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4028 -ip 4028
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 824 -ip 824
1⤵
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4884 -ip 4884
1⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 208 -ip 208
1⤵
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 4180 -ip 4180
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4272 -ip 4272
1⤵
PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4344 -ip 4344
1⤵
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4816 -ip 4816
1⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3620 -ip 3620
1⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 848 -ip 848
1⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4444 -ip 4444
1⤵
PID:1284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 408 -ip 408
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3604 -ip 3604
1⤵
PID:60

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2088 -ip 2088
1⤵
PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4100 -ip 4100
1⤵
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3760 -ip 3760
1⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3660 -ip 3660
1⤵
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 3924 -ip 3924
1⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4312 -ip 4312
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3916 -ip 3916
1⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 1176 -ip 1176
1⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3944 -ip 3944
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2484 -ip 2484
1⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5408 -ip 5408
1⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4200 -ip 4200
1⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 2836 -ip 2836
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 4388 -ip 4388
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 2456 -ip 2456
1⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5172 -ip 5172
1⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 2068 -ip 2068
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1016 -ip 1016
1⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 4772 -ip 4772
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1304 -ip 1304
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5540 -ip 5540
1⤵
PID:3376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2240 -ip 2240
1⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1152 -ip 1152
1⤵
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2708 -ip 2708
1⤵
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3636 -ip 3636
1⤵
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 460 -ip 460
1⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2424 -ip 2424
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 2740 -ip 2740
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3444 -ip 3444
1⤵
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5160 -ip 5160
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3560 -ip 3560
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2624 -ip 2624
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 4732 -ip 4732
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5588 -ip 5588
1⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5188 -ip 5188
1⤵
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4852 -ip 4852
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5784 -ip 5784
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 376 -ip 376
1⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6008 -ip 6008
1⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5180 -ip 5180
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5212 -ip 5212
1⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6024 -ip 6024
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5860 -ip 5860
1⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5768 -ip 5768
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5196 -ip 5196
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5508 -ip 5508
1⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 1932 -ip 1932
1⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4288 -ip 4288
1⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5996 -ip 5996
1⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6016 -ip 6016
1⤵
PID:528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 4192 -ip 4192
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 3360 -ip 3360
1⤵
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5908 -ip 5908
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5376 -ip 5376
1⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5852 -ip 5852
1⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3656 -ip 3656
1⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 2236 -ip 2236
1⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5492 -ip 5492
1⤵
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5956 -ip 5956
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5736 -ip 5736
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6052 -ip 6052
1⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5244 -ip 5244
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5688 -ip 5688
1⤵
PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6036 -ip 6036
1⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5432 -ip 5432
1⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5424 -ip 5424
1⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5596 -ip 5596
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6128 -ip 6128
1⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5964 -ip 5964
1⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 6004 -ip 6004
1⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6060 -ip 6060
1⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6116 -ip 6116
1⤵
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5948 -ip 5948
1⤵
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5776 -ip 5776
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5872 -ip 5872
1⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5936 -ip 5936
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5360 -ip 5360
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5560 -ip 5560
1⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 3320 -ip 3320
1⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5472 -ip 5472
1⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 1140 -ip 1140
1⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6076 -ip 6076
1⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 548 -ip 548
1⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5904 -ip 5904
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3992 -ip 3992
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5556 -ip 5556
1⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 876 -ip 876
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1532 -ip 1532
1⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5440 -ip 5440
1⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6104 -ip 6104
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5684 -ip 5684
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4952 -ip 4952
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4960 -ip 4960
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5420 -ip 5420
1⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5384 -ip 5384
1⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 3100 -ip 3100
1⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5984 -ip 5984
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 2224 -ip 2224
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5604 -ip 5604
1⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4308 -ip 4308
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5152 -ip 5152
1⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4024 -ip 4024
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1748 -ip 1748
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 5640 -ip 5640
1⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 4320 -ip 4320
1⤵
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4820 -ip 4820
1⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 2028 -ip 2028
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6392 -ip 6392
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6068 -ip 6068
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5620 -ip 5620
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 544 -ip 544
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3704 -ip 3704
1⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6384 -ip 6384
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 732 -ip 732
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 208 -ip 208
1⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6776 -ip 6776
1⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6628 -ip 6628
1⤵
PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4936 -ip 4936
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2432 -ip 2432
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7000 -ip 7000
1⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4700 -ip 4700
1⤵
PID:1968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1984 -ip 1984
1⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 2680 -ip 2680
1⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 1816 -ip 1816
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6748 -ip 6748
1⤵
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4224 -ip 4224
1⤵
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3612 -ip 3612
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3448 -ip 3448
1⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3824 -ip 3824
1⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6400 -ip 6400
1⤵
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2452 -ip 2452
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4508 -ip 4508
1⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3312 -ip 3312
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 388 -ip 388
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 3464 -ip 3464
1⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6584 -ip 6584
1⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 3124 -ip 3124
1⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5880 -ip 5880
1⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 364 -ip 364
1⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4360 -ip 4360
1⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 6376 -ip 6376
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6368 -ip 6368
1⤵
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 892 -ip 892
1⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 1936 -ip 1936
1⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6592 -ip 6592
1⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6456 -ip 6456
1⤵
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6640 -ip 6640
1⤵
PID:544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4756 -ip 4756
1⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6352 -ip 6352
1⤵
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6680 -ip 6680
1⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 3568 -ip 3568
1⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2404 -ip 2404
1⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5516 -ip 5516
1⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6608 -ip 6608
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 2456 -ip 2456
1⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4816 -ip 4816
1⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6420 -ip 6420
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4704 -ip 4704
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2836 -ip 2836
1⤵
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7124 -ip 7124
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7084 -ip 7084
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3432 -ip 3432
1⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1888 -ip 1888
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 2004 -ip 2004
1⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 944 -ip 944
1⤵
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 3152 -ip 3152
1⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5036 -ip 5036
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2108 -ip 2108
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3736 -ip 3736
1⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1352 -ip 1352
1⤵
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5260 -ip 5260
1⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1892 -ip 1892
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5652 -ip 5652
1⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6248 -ip 6248
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1928 -ip 1928
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6616 -ip 6616
1⤵
PID:364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 7100 -ip 7100
1⤵
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7140 -ip 7140
1⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6824 -ip 6824
1⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6512 -ip 6512
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6812 -ip 6812
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1044 -ip 1044
1⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 532 -ip 532
1⤵
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 6604 -ip 6604
1⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6556 -ip 6556
1⤵
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5408 -ip 5408
1⤵
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6712 -ip 6712
1⤵
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5828 -ip 5828
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6252 -ip 6252
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6744 -ip 6744
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5328 -ip 5328
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 2316 -ip 2316
1⤵
PID:3004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6436 -ip 6436
1⤵
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2080 -ip 2080
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4260 -ip 4260
1⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2800 -ip 2800
1⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 7096 -ip 7096
1⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 7116 -ip 7116
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6184 -ip 6184
1⤵
PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6484 -ip 6484
1⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5224 -ip 5224
1⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 6508 -ip 6508
1⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 376 -ip 376
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4784 -ip 4784
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6796 -ip 6796
1⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 2740 -ip 2740
1⤵
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 3760 -ip 3760
1⤵
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6932 -ip 6932
1⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4888 -ip 4888
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5392 -ip 5392
1⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 512 -ip 512
1⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4344 -ip 4344
1⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6804 -ip 6804
1⤵
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 1196 -ip 1196
1⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2624 -ip 2624
1⤵
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 4664 -ip 4664
1⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5184 -ip 5184
1⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 740 -ip 740
1⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2732 -ip 2732
1⤵
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5556 -ip 5556
1⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 7104 -ip 7104
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5644 -ip 5644
1⤵
PID:2504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 2576 -ip 2576
1⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 536 -ip 536
1⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4536 -ip 4536
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1732 -ip 1732
1⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 1736 -ip 1736
1⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6788 -ip 6788
1⤵
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3560 -ip 3560
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5996 -ip 5996
1⤵
PID:1372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2056 -ip 2056
1⤵
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 2468 -ip 2468
1⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3920 -ip 3920
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6000 -ip 6000
1⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5332 -ip 5332
1⤵
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 1408 -ip 1408
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 6844 -ip 6844
1⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2484 -ip 2484
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5496 -ip 5496
1⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4916 -ip 4916
1⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 3656 -ip 3656
1⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 4332 -ip 4332
1⤵
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3820 -ip 3820
1⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5216 -ip 5216
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6120 -ip 6120
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3400 -ip 3400
1⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2744 -ip 2744
1⤵
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6132 -ip 6132
1⤵
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7132 -ip 7132
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5280 -ip 5280
1⤵
PID:444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6876 -ip 6876
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5128 -ip 5128
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6076 -ip 6076
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5736 -ip 5736
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4044 -ip 4044
1⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 1532 -ip 1532
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3164 -ip 3164
1⤵
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 4524 -ip 4524
1⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2276 -ip 2276
1⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 1452 -ip 1452
1⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7112 -ip 7112
1⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5992 -ip 5992
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6736 -ip 6736
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6764 -ip 6764
1⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5680 -ip 5680
1⤵
PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4676 -ip 4676
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 4572 -ip 4572
1⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2440 -ip 2440
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5204 -ip 5204
1⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2268 -ip 2268
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5452 -ip 5452
1⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6848 -ip 6848
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5960 -ip 5960
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 4376 -ip 4376
1⤵
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6400 -ip 6400
1⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4240 -ip 4240
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 6100 -ip 6100
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5608 -ip 5608
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 3612 -ip 3612
1⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 2880 -ip 2880
1⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5272 -ip 5272
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7016 -ip 7016
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2912 -ip 2912
1⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3124 -ip 3124
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3896 -ip 3896
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5324 -ip 5324
1⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1612 -ip 1612
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 1088 -ip 1088
1⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 4192 -ip 4192
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1504 -ip 1504
1⤵
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 960 -ip 960
1⤵
PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4020 -ip 4020
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 2564 -ip 2564
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5620 -ip 5620
1⤵
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 1512 -ip 1512
1⤵
PID:4988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5712 -ip 5712
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6684 -ip 6684
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6372 -ip 6372
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6404 -ip 6404
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4568 -ip 4568
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6720 -ip 6720
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 4816 -ip 4816
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6160 -ip 6160
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3176 -ip 3176
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 2656 -ip 2656
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 1984 -ip 1984
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6196 -ip 6196
1⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5152 -ip 5152
1⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6752 -ip 6752
1⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 756 -ip 756
1⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6640 -ip 6640
1⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1888 -ip 1888
1⤵
PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 2444 -ip 2444
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1304 -ip 1304
1⤵
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5652 -ip 5652
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5664 -ip 5664
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6560 -ip 6560
1⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5256 -ip 5256
1⤵
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6332 -ip 6332
1⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1176 -ip 1176
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5212 -ip 5212
1⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6288 -ip 6288
1⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3660 -ip 3660
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 6960 -ip 6960
1⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3376 -ip 3376
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4820 -ip 4820
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5412 -ip 5412
1⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 1928 -ip 1928
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1200 -ip 1200
1⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6616 -ip 6616
1⤵
PID:6600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe

Filesize
468KB

MD5
44925df28d195e964cd1c5c390d7785c

SHA1
2a228c07e1e2ce9805c35cca2d33899c689e21fd

SHA256
01ad2fe1023419d27c0adc4678264828e2d54a43fe2adcffb6e9959a55235519

SHA512
4de346665bc340459e0b4f6a87b82c186fd2f8eccbd1d0ba3f72c581fb5b80dbc0b80f73fc27e29b3b77b454a336cf6ca498a1d53e87c6a47310d1da22aab202

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe

Filesize
468KB

MD5
2a284b6b5dad85f986d3ba25f325d612

SHA1
e7ef1533e41f154f43b3f2b71653b55f80fd20de

SHA256
465ebd87eb675c42725bc00ac238efc3d8b3ae3e3470730474112a652a1ec152

SHA512
882a43a4218f0754ab9370b3b1ae0913c2592cccd009b81f3cdec7154c4f0e0debf0a47279887ed12a09d389aaeb6a42e633cf3bc2e1cd4b0c1156b6c4573682

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe

Filesize
468KB

MD5
63839acea076fb1cdcbdbc80a84f1726

SHA1
52c94c40494ae10323ed78c210e1f3fa9604e3e0

SHA256
7ae41a3c16e05c9324ad10f782d99a3b8ae894a5b965e49b6d731982ae1fe561

SHA512
eba123e96fc57e0b4f92650c7d94375b955300af54c4d438ec913a53251d976fedb47ebc2612133e2a0337a4d1a1c186c47ff729064f1b10c083681b1fd6c756

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe

Filesize
468KB

MD5
ed64aa5aeb75573f1faab04c1388f3df

SHA1
98a429fba82805df0263b5337ce6c9e5ab174741

SHA256
9f949d4eea9dec3e5b360b83af928987563c15e6bdddb24368515d4ce3b93ae2

SHA512
3af088e16e595e84420955ea1d454882ac8cbcb84b7a5077b41f9c0f2587c7e24f998281039bd86b3d414f5007a400e28dadc8f831fd4c49da08f0fe28f64584

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe

Filesize
468KB

MD5
3cd07f018b568f7a81bbd4c2fbc8f244

SHA1
b857810f952ffa9d2fbdfe5de9adba7dfa074694

SHA256
69be029d6cac1204f69f04eea3ec1a93bb43e73ce072903cc52796c9df6c2ddd

SHA512
5fab967c8fc82e90858eca17a18e5f9760502b5880074f6244c99e578752821e9a4443a8eece1faf1b9d5a78fa4925fd41e57938d29464ffae1b84fac0b78687

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe

Filesize
468KB

MD5
5a3d68c1074f167704c20e9dfe87a8f2

SHA1
2b90c62348da4a9ec7199c2cab1d83c2cda6a003

SHA256
de014840638ccb9f5ef0ec00dde2e71e89757ea72290d2b02e2e905ebc729181

SHA512
2fc20371845c4e843310180c3c4f19cfcf8bc25263ed36ae56d5c46d287c1e0b86f06b73a4053d07bdc9650a7eb56d2ce0067431810df64e2f04bbf92f11642d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe

Filesize
468KB

MD5
a139060ede577837ab783d4954990399

SHA1
3f19604ecd319b3047126751144f5b15499e1908

SHA256
ba9aca406ccd7c6ce4916eb8b66efcd3990a8e4ae2d9943ee56d1980e930eae1

SHA512
0625c0a5dbde41445f2c22aab298b790557fa955c90eaca9ac8f4fb7cf7a2e0bd72cdec487b335e7ba7572ca4eb6ce7a52b8631fed3bde3237d6c8e9004934e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe

Filesize
468KB

MD5
60b558dfb72d1766e95be0007ff83483

SHA1
b827b1168f8abd1c6eceae2d6471d8726cf2f3e1

SHA256
492918525cefddb885766cba5e9fd5b8bd54b10592dc98dda0f9a225f4ca32aa

SHA512
e96e89ed6e41e6d1be648fa5ada5011d2e5c856d174951b7ac111a014ba13fd3e260fb9818a0187e2516b51b534aa1dc10bced6a394538e48d6329698204925b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe

Filesize
468KB

MD5
2bb3305e84e8accdf2f303a9d6b34dbb

SHA1
6d7008270e3c9674f05e7dd6bc8a2a6764203a58

SHA256
c63c998e7680e858471d80c17e7c45e76dd858f5ccce584146cf5132414ff537

SHA512
e8e160be32e757dc7edfd22f86ade865ba4356932e65dc756999993fd048d557c32c5fd7876fc1b41d0d69531b1273f7ceece45b9fbe9d415c416be274dfc78c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe

Filesize
468KB

MD5
982c40aeb2d409f99ca021fbc019cf66

SHA1
37d28c13b1bb8edbe2922e5eb192eb7f9b6b24d4

SHA256
2f07036034afbc3e4a669b3880bcb45aee7daa2bfed24d5d982af03d4b077efa

SHA512
7a964aa85c538b95c30c3280924ea9e1cdeb89cb124b6e635eb014c6459eb1e4a6d8544b38400fbeb0e190e901e1db08eae6e2d5a9ed994f69a9349245d0b989

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe

Filesize
468KB

MD5
bbadb02f5902268c09447e2b6014974a

SHA1
2503f225994bd9fcfe2675e1ea8467dd2aebd8da

SHA256
9dd5b0fd1398692cbef6f928bf2eae5570bdfc02b1b4a5451226724326652e1e

SHA512
a987bf46f023800a4122a5a8cac4d351b23841d52ec94a35c3de14a493edb45253c1fc2f43cb1b845761687f1d56be5598a577be5139760f93c8cc57a055dbfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe

Filesize
468KB

MD5
f2ddeaf20d172392a89a7bce54708252

SHA1
7c1e4124d645ce202d28c50bae417adb7907cec0

SHA256
16ca7ab324e3bc04b8b4d075b17423bb05eb1cb2d9e539bf28beff13a934fabb

SHA512
a3765f3b9641c5711680783e0e8c920b6bcb46ab639fe267aa92d48677bda37d2d60210aaa8d75e845ed187c1c61e7dfc9c3ea1e572be0f244643db6f2d00d33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe

Filesize
468KB

MD5
adaee5ab21e32d9f80b4050d1ea6267f

SHA1
17c6cfdf15fba6379c1e40c0e493ab40d9b5f73f

SHA256
0dcf6e992d7e565f5b1aa88eadb6dcfd022d4e91e397cd5c4a87e95e747251d1

SHA512
983555804da08945eeb91366c11176ab863aec720880af3aa99c307f9748e466c2133f7cc308a42c1e088253708341ee79e6de1703a8c01a3d35eade318a13b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe

Filesize
468KB

MD5
ccfaac2b8e27a45e182d90e98fc1b298

SHA1
a642ce417c49f3955d3bef557d3762d7ebeb52ea

SHA256
318cdf24f25b13ff7a9403af49f772e4f91bb8487edfdbda2babe3fc42b74a70

SHA512
8f42aff0fb94245151004ca1b5a6c9de48ceb3448cc1ccf93b93bf05d2d9a0c97ad8868d1c9d9b07c2c0cfae8c776eb69a7b8b76636efe28252b5e1e9e30c916

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe

Filesize
468KB

MD5
5848bc841976df9eb116007b3de4fe0b

SHA1
c3c36f6688fdd5f32b7a093c10baa1a0f5130a9e

SHA256
8a8491240882cc237ec6456afb3bc4ccf0a35c9b98529605d525d43b66ed0132

SHA512
b337b2a1a905a655aca7c71d5ec5c2f3450a01e5ad1ecc4e35a000925599734b1240b975c399b9a7af9f2eb486e506905ad37624b59955c504034cf02d8a7f77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe

Filesize
468KB

MD5
f684fede7cad4f22b18b6094f980c68b

SHA1
1ff5cee5a4f88c569671737b0a10d3cb53aacf74

SHA256
464f25475b35a313129bd2b36204e734fb3c7dce725309590f2ba16a7aecd8bc

SHA512
873f902225a2550861a5a10c90bbd9b2530bac4dc4a6eebe00ab6aefa74af749cf78b74f83dc7515ec1866550b278a18e8c42daeb82d5c344a123f47e4f7dd83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe

Filesize
468KB

MD5
a33fd99485f6190b2165edabbe731943

SHA1
1a01d46a80a8d3adfb94fd6ffc04cc94b52aff90

SHA256
d66e4831bc831fb35583b102b376bfa39085d26bb2b2fcfdd6f4856f6ca6ce2e

SHA512
6b919307b9a428d0a42c262587482639aaab011be9b5b928124c6ee2a015ebe99f75c8e91ea5da1f73d69c21e2d9691619136c62d08c2ce8829a6d6e4b2c2470

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30780.exe

Filesize
468KB

MD5
ebedafa3ba18f58660ee6ee71a6bf4de

SHA1
61ada8a4f334834b9efcb0b488ebc4a03e8e62c6

SHA256
d6833f85293a4100e0d5f5a2b0807339f41e928d2aa61f28cf603df39d3494a3

SHA512
0843ffd292a1527c22c66476681e00872f5db6fa86c4a07fb0d038b5ba88f9469df66fdc1950546bb3e2d3e28a395bca5b8212f32d1f2b530f93d0045978fc89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe

Filesize
468KB

MD5
9efe882d4ab7242fe904c3b46cb7f14d

SHA1
5223009d77d774b98b5c9906172f0d5bdc8e2978

SHA256
7fbb46290ffaa2b46c956130d107f5c9257a3cb186abb9aa6c47b1e392856e57

SHA512
4eb68f4756e53df7e6419e5a3aa69b5c8fa1c591afc763b8d04ed92173dec5b1268242c622688db43bf1ec3d525f121d38d528e154359f5e78ddb5914eb45bbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe

Filesize
468KB

MD5
e0c5ca3a833d17e6395722ad021677b5

SHA1
8a7cb595e199a0d447b8f1c2ae03f61bf46a3079

SHA256
2f0e01467217553209b2506bb02c18330eba9bf796fff3349519d483ca982d65

SHA512
267c7ba89a300a951cc89b788b2077713472fade668fe8bf61042def8929956ab4c4e948f8ea94ae6b63c9427ff715db4c7882f495bfc1af318a149cfbe5cc31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe

Filesize
468KB

MD5
4c93c84bc6e368438c1b594a60c5c811

SHA1
6adcee8ae71c7aa881b8568b3051783188692c72

SHA256
a253294c8cd01221088631120b880399782777cf44eba7d667f9e1886da33821

SHA512
e5a8eace14fed87baadd75b1b3637670e581696d7f8d99af82110fb964a3ecee3ab9e824dd48e50f2febe4ae177448d42903b1aa191b34ea1385d46380760610

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe

Filesize
468KB

MD5
93c77803bf7491ff80e43ea0b7aab234

SHA1
74fce46fc01b49a2672f013341546bfee871df92

SHA256
ce79a47cac5930f48f2eb0ad447a948565e83dc181d37fe373454506220791dd

SHA512
b6b39f194e5caa798b2f034d7858fef62cc7a6b8f668a15e618737a4af40fec0f895a9f7362ed6f2dc086390c4022b90c8d5747696fe20e0a28949f461feebd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe

Filesize
468KB

MD5
3f6b25ce443211ab624f1a9e3dc18bed

SHA1
a058504f4c6d932a675bc64b49a02bb064124f8e

SHA256
3a60dd8c9d00c01b48b749161cdad418958364e97dc93ebd70336f2432951665

SHA512
0fb604b2a26eb84a304c93fe91109073c5446a99163e86d7de8cdc611dd7b3ad9b9aba14256b3342d0bf26c2c5a336eb2c8c36ca7682091fa74ce75a7d231e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe

Filesize
468KB

MD5
54ac35fe6c00051609c8ee50f38ca94f

SHA1
b9c23a8039bfc01fc4318d38e98ccfa3113771b9

SHA256
eab43d3da6c37d7de4a143bfc1b75e83b4ca7f871368d9517dd7ba333998f5db

SHA512
d43c4a917b8ca280e1b5c2f85e5d0494a60177ef76b94ce6a602d2e84e14f1a92ed1ff2af8b94cd49f2c66ad8dd92cd45662143511c82508c23e95e809899565

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe

Filesize
468KB

MD5
62339992c939a71dee1dfe71d73ab880

SHA1
25785876653b0d39784bd0741d1dd25f89e9e854

SHA256
1d48ef3337deb677dccb491b8a58b25bde879e3272aa98d60364a0e393ce5095

SHA512
1d23222817c50e926f09c22b74cf7c4af619df758319214941e07301c17a8eab2d12aa6760beb9ac3219f0978c5430d77f244ddf388bfdfc1c9ef5f08f7bf129

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe

Filesize
468KB

MD5
6762ee8fd9f1972f1563103f39df18ed

SHA1
637e32eeb7c18f05c7e72a6e9ba8dde27e0c1d78

SHA256
7c3e6b36247ca5f3c01be47fc65ba0c1a38c4fe68a385eb67b768fc258a757c9

SHA512
c1e0fb228a12a5fc855bc752916ddf615819ddb0ee44d891af2a527b173b0da881a323992b95bfcf8dde73bc240e4813222015acd76e2130d2f375519ec4f2a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe

Filesize
468KB

MD5
6c48d9180aec7e893c51aeb33a2301d2

SHA1
c54757645b8adef7afa459e44b45c6bb355a9321

SHA256
b4640b6feb0a50854430936af38827b964f9c660449d40f64f3f89ca71483bdb

SHA512
1a9ee3ae3f4a2938060e66b984dc6499aa5bcc3e61e91826fd0f1bcd99f15af852f6bb42394aae2025fcdf8b084524eba42c76184774f669efe80226628aa7b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe

Filesize
468KB

MD5
a6935e7e514642a2cf93ba99052461f0

SHA1
22690436d1ec7522df036e1775be63756bd40e9b

SHA256
9ec3f3c12ffc54e95a707c698323db2d185cc79055d960846ffffdf0a42b2ee6

SHA512
85893285d4c89af8fd3f6a97a51ed2447a1861103d447f178686717d1a3aca16bfbbf8046d748d77ed2937964c2254e8b29875188de64186d1afdee543749a80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe

Filesize
468KB

MD5
ae90b18281219bc38a2e8fb4c30aa415

SHA1
194ccd080d1ec6644d94f39d3b932e90a60414b6

SHA256
fd84ce80fd0fd7ae545f848618ad78984372150062b5b22479a019524d12e694

SHA512
ef088a3bf994722e9ccc7a5d8c70bcfa638927341b07115f8d59f1cdefa2af72bfe4baacaa6bd7d866e21757c7f6eb92ad9a7f0a255595a2c071894fadac9e18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe

Filesize
468KB

MD5
1c530188bb76694484196fe206f3050d

SHA1
642c5170345436e8cebd365210ec84ab4c8e6e18

SHA256
6a61cdb2ef6db42c829b8eb8f0b5d8bcdcfa7e1e2e325fcb17e2d047e3352bae

SHA512
e4658e32ba8b6c95d1b4e813a125829ff56e18387e97d30cfcbd062caccf7fc305bdfd27b07ee7e36de89ce5c48fdbe35e4ef32bc3d921f186e9716b8a1644a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe

Filesize
468KB

MD5
961c12b4257ec45ba3df5886d0a6b34f

SHA1
cba6c49aee661ac8a4ae300a7a8cc00fcbf0ed08

SHA256
5e37fe4320db64393a11e3fb3ecc2efd608e3247e8417180fc57f7bc461e6860

SHA512
17f01d029c024e73790c9fc625eea14a1fa83cfcd122bb2a3b4c53bbf1de53aee78ee7daa78b6f52ad8b4bcfe64087c226270ac3566788eaa4f73d8aeea81c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe

Filesize
468KB

MD5
bd62564c2b40c9d5f98420574a694f2d

SHA1
f2b91c0036dc143e548ffe24b650dce6273e2ac0

SHA256
1d27e1ad9f34fbe9a2269e0f12db580a33dc5932962e05b788ff2d325079c82a

SHA512
3b1c7f863f4233933605482456acbc480d28ded611cac363a571c0e9b07fce08a1bb375e7a51e693b423595a9f6b53c8469505c8f57a3bf2a44af490309d4cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe

Filesize
468KB

MD5
e2dc43c6664dd6725fa5442508a26c74

SHA1
91f3303646b78f2d1d44cb3daff31c08e6314957

SHA256
12c211de638ecf74ce2c314bb0267be6472974f4c0fcdf26fd060e421b8b2426

SHA512
abc075dba45c9a1797b4f28cdd0aff871666bb6fdfdab131c5e4947bd4c2291d3d1e2cb5c099f8f102e0a0444299c766ce495316643b8d6ccfbd9b313b084bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe

Filesize
468KB

MD5
e22090e80f0903e6f0ba98b737c4a2dc

SHA1
e60861bfe6ddd4d276f02bf3bbd229c36ea445f2

SHA256
194b1c29fbf2780d8b2c1a0c53ecb878f7bd9ed2d94d56a4b41227b1ac6e4692

SHA512
08a51a0edb8e229c211f31a9b1a0a4ca83e1a35016dd45f224d672f3c399f9e3420f6c503471bc140191efa83e74c3c40984b82665f1d38c2f6fcb5e25c00224

Download Submit