dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684c

Analysis

max time kernel
120s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684cN.exe
Size

184KB
MD5

1570af7bcb266b842e74e6388cd07a60
SHA1

57024ea7da9e5cdc75f67de10c55d1582956a982
SHA256

dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684c
SHA512

54a69004ed36c0b40801c656880659bf88dc13c560b7a3c649b4e90c0653a67a1b333d73ab266a4d84c67bbf6c8e387bd8cc35f8f78c7085f34cf9db3ce2ccbe
SSDEEP

3072:4Xiuh6o0SLvjdpdYeJYWIEg+I1+7+INybnHR+D55qY0lhlnVOFY:4XQozZpdCWJg+IdHIUhlnVOF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2692	Unicorn-13160.exe
4880	Unicorn-35273.exe
1652	Unicorn-15407.exe
2960	Unicorn-4027.exe
2204	Unicorn-49699.exe
4780	Unicorn-4027.exe
3292	Unicorn-32829.exe
3100	Unicorn-40120.exe
2028	Unicorn-8002.exe
2940	Unicorn-29491.exe
2948	Unicorn-22558.exe
3604	Unicorn-51853.exe
4792	Unicorn-10498.exe
540	Unicorn-9175.exe
2856	Unicorn-2631.exe
3472	Unicorn-21428.exe
4764	Unicorn-56980.exe
4196	Unicorn-3866.exe
4308	Unicorn-20909.exe
4460	Unicorn-23924.exe
2944	Unicorn-4058.exe
1336	Unicorn-49689.exe
5100	Unicorn-36922.exe
1976	Unicorn-12740.exe
2304	Unicorn-4572.exe
1860	Unicorn-46015.exe
1564	Unicorn-15070.exe
4156	Unicorn-34936.exe
3832	Unicorn-2564.exe
1788	Unicorn-22300.exe
1292	Unicorn-40259.exe
3256	Unicorn-28413.exe
4872	Unicorn-35704.exe
2692	Unicorn-25075.exe
3528	Unicorn-2263.exe
4704	Unicorn-11500.exe
4228	Unicorn-60187.exe
1208	Unicorn-23753.exe
688	Unicorn-23753.exe
1480	Unicorn-28583.exe
2888	Unicorn-48449.exe
736	Unicorn-3010.exe
2484	Unicorn-57084.exe
1560	Unicorn-16052.exe
3224	Unicorn-5423.exe
4540	Unicorn-29565.exe
4396	Unicorn-5615.exe
4516	Unicorn-29648.exe
2172	Unicorn-51692.exe
4760	Unicorn-59305.exe
2784	Unicorn-37432.exe
1112	Unicorn-39055.exe
4200	Unicorn-13996.exe
3176	Unicorn-30333.exe
3108	Unicorn-31079.exe
3056	Unicorn-47821.exe
5060	Unicorn-52460.exe
4512	Unicorn-42668.exe
4560	Unicorn-64904.exe
4480	Unicorn-31485.exe
1616	Unicorn-31485.exe
3912	Unicorn-38776.exe
3332	Unicorn-38776.exe
4264	Unicorn-28147.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
4092	3332	WerFault.exe	82
4352	2692	WerFault.exe	86
2312	1652	WerFault.exe	87
752	4880	WerFault.exe	88
760	2960	WerFault.exe	93
1000	2204	WerFault.exe	95
3936	4780	WerFault.exe	94
4596	3292	WerFault.exe	98
3080	3100	WerFault.exe	99
4416	2940	WerFault.exe	100
2452	2028	WerFault.exe	101
2920	2948	WerFault.exe	106
1656	4792	WerFault.exe	108
3232	3604	WerFault.exe	107
4780	540	WerFault.exe	109
3508	2856	WerFault.exe	110
4880	4764	WerFault.exe	118
3536	4196	WerFault.exe	119
1320	4308	WerFault.exe	120
4780	4460	WerFault.exe	121
2624	2944	WerFault.exe	122
1524	1860	WerFault.exe	127
4604	5100	WerFault.exe	125
2176	1976	WerFault.exe	124
3820	1564	WerFault.exe	128
4308	4156	WerFault.exe	130
3344	3832	WerFault.exe	138
1860	1788	WerFault.exe	139
5668	3256	WerFault.exe	141
5964	4704	WerFault.exe	145
5244	1208	WerFault.exe	147
4988	736	WerFault.exe	151
4556	688	WerFault.exe	148
5256	3224	WerFault.exe	156
6700	2236	WerFault.exe	194
6648	4540	WerFault.exe	159
4084	2600	WerFault.exe	248
2920	1616	WerFault.exe	181
5428	5992	WerFault.exe	297
2940	2188	WerFault.exe	335
6572	6536	WerFault.exe	424
5204	4576	WerFault.exe	433
6940	3984	WerFault.exe	471
4760	3764	WerFault.exe	502
5272	2452	WerFault.exe	568
5736	5912	WerFault.exe	585
2964	976	WerFault.exe	601
4648	4276	WerFault.exe	682
1328	2176	WerFault.exe	803
5292	6404	Process not Found	773
6996	5672	Process not Found	873
4156	1700	Process not Found	952
336	2624	Process not Found	1053
5496	5464	Process not Found	1105
6200	4248	Process not Found	1094
2636	3500	Process not Found	1137
4364	7028	Process not Found	1207
2948	5284	Process not Found	1158
5428	4748	Process not Found	1160
1852	5752	Process not Found	1168
6888	624	Process not Found	1164
5844	6640	Process not Found	1155
2784	6896	Process not Found	1188
1488	6900	Process not Found	1421

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51028.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3332	dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684cN.exe
2692	Unicorn-13160.exe
4880	Unicorn-35273.exe
1652	Unicorn-15407.exe
2960	Unicorn-4027.exe
2204	Unicorn-49699.exe
4780	Unicorn-4027.exe
3292	Unicorn-32829.exe
3100	Unicorn-40120.exe
2028	Unicorn-8002.exe
2940	Unicorn-29491.exe
2948	Unicorn-22558.exe
3604	Unicorn-51853.exe
4792	Unicorn-10498.exe
540	Unicorn-9175.exe
2856	Unicorn-2631.exe
3472	Unicorn-21428.exe
4764	Unicorn-56980.exe
4196	Unicorn-3866.exe
4308	Unicorn-20909.exe
4460	Unicorn-23924.exe
2944	Unicorn-4058.exe
1336	Unicorn-49689.exe
1860	Unicorn-46015.exe
1976	Unicorn-12740.exe
2304	Unicorn-4572.exe
5100	Unicorn-36922.exe
1564	Unicorn-15070.exe
4156	Unicorn-34936.exe
3832	Unicorn-2564.exe
1788	Unicorn-22300.exe
1292	Unicorn-40259.exe
3256	Unicorn-28413.exe
4872	Unicorn-35704.exe
2692	Unicorn-25075.exe
3528	Unicorn-2263.exe
4704	Unicorn-11500.exe
4228	Unicorn-60187.exe
1208	Unicorn-23753.exe
688	Unicorn-23753.exe
2888	Unicorn-48449.exe
736	Unicorn-3010.exe
1480	Unicorn-28583.exe
2484	Unicorn-57084.exe
1560	Unicorn-16052.exe
3224	Unicorn-5423.exe
4540	Unicorn-29565.exe
4396	Unicorn-5615.exe
2172	Unicorn-51692.exe
4516	Unicorn-29648.exe
4760	Unicorn-59305.exe
2784	Unicorn-37432.exe
1112	Unicorn-39055.exe
4200	Unicorn-13996.exe
3176	Unicorn-30333.exe
3108	Unicorn-31079.exe
3056	Unicorn-47821.exe
5060	Unicorn-52460.exe
4512	Unicorn-42668.exe
4560	Unicorn-64904.exe
4480	Unicorn-31485.exe
1616	Unicorn-31485.exe
3912	Unicorn-38776.exe
3332	Unicorn-38776.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 2692	3332	dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684cN.exe	86
PID 3332 wrote to memory of 2692	3332	dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684cN.exe	86
PID 3332 wrote to memory of 2692	3332	dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684cN.exe	86
PID 2692 wrote to memory of 4880	2692	Unicorn-13160.exe	88
PID 2692 wrote to memory of 4880	2692	Unicorn-13160.exe	88
PID 2692 wrote to memory of 4880	2692	Unicorn-13160.exe	88
PID 3332 wrote to memory of 1652	3332	dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684cN.exe	87
PID 3332 wrote to memory of 1652	3332	dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684cN.exe	87
PID 3332 wrote to memory of 1652	3332	dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684cN.exe	87
PID 1652 wrote to memory of 2960	1652	Unicorn-15407.exe	93
PID 1652 wrote to memory of 2960	1652	Unicorn-15407.exe	93
PID 1652 wrote to memory of 2960	1652	Unicorn-15407.exe	93
PID 4880 wrote to memory of 4780	4880	Unicorn-35273.exe	94
PID 4880 wrote to memory of 4780	4880	Unicorn-35273.exe	94
PID 4880 wrote to memory of 4780	4880	Unicorn-35273.exe	94
PID 2692 wrote to memory of 2204	2692	Unicorn-13160.exe	95
PID 2692 wrote to memory of 2204	2692	Unicorn-13160.exe	95
PID 2692 wrote to memory of 2204	2692	Unicorn-13160.exe	95
PID 2960 wrote to memory of 3292	2960	Unicorn-4027.exe	98
PID 2960 wrote to memory of 3292	2960	Unicorn-4027.exe	98
PID 2960 wrote to memory of 3292	2960	Unicorn-4027.exe	98
PID 4780 wrote to memory of 3100	4780	Unicorn-4027.exe	99
PID 4780 wrote to memory of 3100	4780	Unicorn-4027.exe	99
PID 4780 wrote to memory of 3100	4780	Unicorn-4027.exe	99
PID 4880 wrote to memory of 2028	4880	Unicorn-35273.exe	101
PID 4880 wrote to memory of 2028	4880	Unicorn-35273.exe	101
PID 4880 wrote to memory of 2028	4880	Unicorn-35273.exe	101
PID 1652 wrote to memory of 2940	1652	Unicorn-15407.exe	100
PID 1652 wrote to memory of 2940	1652	Unicorn-15407.exe	100
PID 1652 wrote to memory of 2940	1652	Unicorn-15407.exe	100
PID 2204 wrote to memory of 2948	2204	Unicorn-49699.exe	106
PID 2204 wrote to memory of 2948	2204	Unicorn-49699.exe	106
PID 2204 wrote to memory of 2948	2204	Unicorn-49699.exe	106
PID 3292 wrote to memory of 3604	3292	Unicorn-32829.exe	107
PID 3292 wrote to memory of 3604	3292	Unicorn-32829.exe	107
PID 3292 wrote to memory of 3604	3292	Unicorn-32829.exe	107
PID 2960 wrote to memory of 4792	2960	Unicorn-4027.exe	108
PID 2960 wrote to memory of 4792	2960	Unicorn-4027.exe	108
PID 2960 wrote to memory of 4792	2960	Unicorn-4027.exe	108
PID 3100 wrote to memory of 540	3100	Unicorn-40120.exe	109
PID 3100 wrote to memory of 540	3100	Unicorn-40120.exe	109
PID 3100 wrote to memory of 540	3100	Unicorn-40120.exe	109
PID 4780 wrote to memory of 2856	4780	Unicorn-4027.exe	110
PID 4780 wrote to memory of 2856	4780	Unicorn-4027.exe	110
PID 4780 wrote to memory of 2856	4780	Unicorn-4027.exe	110
PID 2028 wrote to memory of 3472	2028	Unicorn-8002.exe	111
PID 2028 wrote to memory of 3472	2028	Unicorn-8002.exe	111
PID 2028 wrote to memory of 3472	2028	Unicorn-8002.exe	111
PID 2948 wrote to memory of 4764	2948	Unicorn-22558.exe	118
PID 2948 wrote to memory of 4764	2948	Unicorn-22558.exe	118
PID 2948 wrote to memory of 4764	2948	Unicorn-22558.exe	118
PID 2940 wrote to memory of 4196	2940	Unicorn-29491.exe	119
PID 2940 wrote to memory of 4196	2940	Unicorn-29491.exe	119
PID 2940 wrote to memory of 4196	2940	Unicorn-29491.exe	119
PID 3604 wrote to memory of 4308	3604	Unicorn-51853.exe	120
PID 3604 wrote to memory of 4308	3604	Unicorn-51853.exe	120
PID 3604 wrote to memory of 4308	3604	Unicorn-51853.exe	120
PID 4792 wrote to memory of 4460	4792	Unicorn-10498.exe	121
PID 4792 wrote to memory of 4460	4792	Unicorn-10498.exe	121
PID 4792 wrote to memory of 4460	4792	Unicorn-10498.exe	121
PID 3292 wrote to memory of 2944	3292	Unicorn-32829.exe	122
PID 3292 wrote to memory of 2944	3292	Unicorn-32829.exe	122
PID 3292 wrote to memory of 2944	3292	Unicorn-32829.exe	122
PID 540 wrote to memory of 1336	540	Unicorn-9175.exe	123

C:\Users\Admin\AppData\Local\Temp\dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684cN.exe
"C:\Users\Admin\AppData\Local\Temp\dc1235b41c1ba8402736f226d06598663f53d25593f3f6ab065468423cb4684cN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
        10⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
        11⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        12⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
        13⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        14⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        15⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
        16⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        17⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 624
        12⤵
        Program crash
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        11⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        12⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        13⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        14⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
        15⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        16⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        17⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
        11⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        12⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
        13⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        14⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        15⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        15⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        16⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 716
        9⤵
        Program crash
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        10⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        11⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
        12⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        13⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        14⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        15⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        16⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
        17⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        18⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        14⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        15⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        16⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        17⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33509.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        11⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        12⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30409.exe
        13⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        14⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        15⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        9⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49949.exe
        10⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63732.exe
        11⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 740
        9⤵
        Program crash
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        10⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        11⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        12⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        13⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        14⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65261.exe
        15⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 648
        12⤵
        Program crash
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 736
        7⤵
        Program crash
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65029.exe
        10⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        11⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30209.exe
        12⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        13⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        14⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
        15⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        16⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        17⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        11⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        12⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
        8⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8812.exe
        9⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 744
        8⤵
        Program crash
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        8⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
        10⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        11⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
        12⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        13⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        14⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        15⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
        16⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        12⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        13⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        14⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 636
        11⤵
        Program crash
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        10⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        11⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        13⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        14⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        15⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 712
        7⤵
        Program crash
        
        PID:4604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 748
        6⤵
        Program crash
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48449.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
        10⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        11⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        12⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        10⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10556.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        12⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        13⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        14⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        15⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29081.exe
        16⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62536.exe
        13⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        14⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        15⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
        16⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52969.exe
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
        10⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65517.exe
        10⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        11⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        12⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        13⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        14⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        15⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
        16⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        9⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        10⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        11⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        12⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        13⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        14⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        15⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 740
        7⤵
        Program crash
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        7⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65283.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
        9⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        11⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
        12⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32381.exe
        13⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        14⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        15⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21946.exe
        7⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        9⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 740
        7⤵
        Program crash
        
        PID:4988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 776
        6⤵
        Program crash
        
        PID:3508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 748
        5⤵
        Program crash
        
        PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        10⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        11⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        12⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
        13⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        14⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37697.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        11⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        12⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        13⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        14⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        15⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        16⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        12⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        13⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        14⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 740
        9⤵
        Program crash
        
        PID:4084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 688
        8⤵
        Program crash
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        10⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        11⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        12⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        13⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        14⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
        15⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        16⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        9⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        10⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        11⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        12⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        13⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        11⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
        12⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        13⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28583.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        7⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        9⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        10⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        11⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        12⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        13⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        14⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50108.exe
        15⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        16⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        17⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47.exe
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe
        9⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30031.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe
        9⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34493.exe
        11⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        12⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        13⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        14⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        15⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        12⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        13⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        14⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        10⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        11⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        12⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
        13⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        14⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        15⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        12⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        14⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        15⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45164.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        8⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35069.exe
        10⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        11⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        12⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        13⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9324.exe
        14⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        15⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 724
        9⤵
        Program crash
        
        PID:6572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 716
        6⤵
        Program crash
        
        PID:1524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 748
        5⤵
        Program crash
        
        PID:2452
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 740
      4⤵
      Program crash
      PID:752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22558.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        10⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
        10⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-424.exe
        11⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        11⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        12⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        13⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 748
        7⤵
        Program crash
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52372.exe
        7⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11635.exe
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        9⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        11⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
        12⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        13⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        14⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        15⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 748
        7⤵
        Program crash
        
        PID:5256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 756
        6⤵
        Program crash
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15070.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        11⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        12⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        13⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        14⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
        15⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        16⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        9⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
        9⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        10⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        11⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        12⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        13⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        14⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
        15⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        16⤵
        
        PID:388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 664
        13⤵
        Program crash
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        12⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27612.exe
        13⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        14⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        15⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 656
        12⤵
        Program crash
        
        PID:2964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 624
        9⤵
        Program crash
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        9⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
        10⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        11⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        12⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        12⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        13⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        14⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        15⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 628
        7⤵
        Program crash
        
        PID:6700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 740
        6⤵
        Program crash
        
        PID:3820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 752
        5⤵
        Program crash
        
        PID:2920
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 740
      4⤵
      Program crash
      PID:1000
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 744
    3⤵
    - Program crash
    PID:4352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15407.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15407.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29648.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        10⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        11⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        12⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        13⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        14⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        15⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
        16⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        17⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 748
        13⤵
        Program crash
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        11⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        12⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        13⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        14⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        15⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56517.exe
        16⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18569.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
        11⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe
        12⤵
        
        PID:516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 716
        8⤵
        Program crash
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28901.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        9⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        11⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        12⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        13⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        14⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        15⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        16⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        11⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        12⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        13⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        14⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        15⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        16⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        12⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        13⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        14⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 720
        7⤵
        Program crash
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29944.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        10⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        11⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
        12⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
        13⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
        14⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
        15⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        16⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        17⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2946.exe
        13⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        14⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        15⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        16⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        10⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        11⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
        12⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
        13⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        14⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9651.exe
        15⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        16⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
        13⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        14⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
        12⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        13⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        14⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        11⤵
        
        PID:264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 752
        6⤵
        Program crash
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
        8⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        11⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        12⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        9⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        10⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        11⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        12⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
        13⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
        14⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
        15⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        16⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        8⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        9⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        10⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60333.exe
        11⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 764
        7⤵
        Program crash
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        9⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        10⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        11⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44972.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47837.exe
        8⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        10⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        11⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        12⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        13⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        14⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        11⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        12⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        13⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
        14⤵
        
        PID:6872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 756
        6⤵
        Program crash
        
        PID:2624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 716
        5⤵
        Program crash
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        11⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        12⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        13⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        14⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        15⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        16⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44396.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        9⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        11⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        12⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        13⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        14⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56493.exe
        10⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        11⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
        12⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
        13⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        14⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23653.exe
        15⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16348.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        10⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        11⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        12⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        13⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        14⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 636
        10⤵
        Program crash
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        8⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        9⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        10⤵
        
        PID:6048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 712
        6⤵
        Program crash
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25075.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16348.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        9⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        10⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
        11⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        12⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        13⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        14⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20986.exe
        6⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        8⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
        11⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        12⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        13⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        14⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        15⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
        11⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        12⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        13⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        14⤵
        
        PID:5464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 724
        5⤵
        Program crash
        
        PID:1656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 756
      4⤵
      Program crash
      PID:760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3866.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        8⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        9⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
        10⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        9⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
        10⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        11⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57684.exe
        12⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        13⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
        14⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
        15⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        16⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        12⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        13⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
        14⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        15⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 652
        13⤵
        Program crash
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        9⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 720
        7⤵
        Program crash
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
        6⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        8⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4915.exe
        9⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        11⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
        12⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        13⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        14⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
        15⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        9⤵
        
        PID:1760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 740
        6⤵
        Program crash
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5615.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20541.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        9⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63732.exe
        10⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        8⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        10⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        11⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63512.exe
        12⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        13⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 616
        10⤵
        Program crash
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        7⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        8⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
        10⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61467.exe
        11⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54036.exe
        12⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        13⤵
        
        PID:5848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 752
        5⤵
        Program crash
        
        PID:3536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 740
      4⤵
      Program crash
      PID:4416
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 744
    3⤵
    - Program crash
    PID:2312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 744
  2⤵
  - Program crash
  PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3332 -ip 3332
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2692 -ip 2692
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1652 -ip 1652
1⤵
PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4880 -ip 4880
1⤵
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2960 -ip 2960
1⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4780 -ip 4780
1⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2204 -ip 2204
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3292 -ip 3292
1⤵
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3100 -ip 3100
1⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2940 -ip 2940
1⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2028 -ip 2028
1⤵
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2948 -ip 2948
1⤵
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3604 -ip 3604
1⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4792 -ip 4792
1⤵
PID:428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 540 -ip 540
1⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2856 -ip 2856
1⤵
PID:768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3472 -ip 3472
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4764 -ip 4764
1⤵
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4196 -ip 4196
1⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4308 -ip 4308
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4460 -ip 4460
1⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2944 -ip 2944
1⤵
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1860 -ip 1860
1⤵
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1336 -ip 1336
1⤵
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2304 -ip 2304
1⤵
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5100 -ip 5100
1⤵
PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1976 -ip 1976
1⤵
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1564 -ip 1564
1⤵
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4156 -ip 4156
1⤵
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3832 -ip 3832
1⤵
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1788 -ip 1788
1⤵
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1292 -ip 1292
1⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3256 -ip 3256
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4872 -ip 4872
1⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2692 -ip 2692
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4704 -ip 4704
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3528 -ip 3528
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2888 -ip 2888
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4228 -ip 4228
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 1208 -ip 1208
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 736 -ip 736
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1480 -ip 1480
1⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2484 -ip 2484
1⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1560 -ip 1560
1⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3224 -ip 3224
1⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 688 -ip 688
1⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2236 -ip 2236
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4528 -ip 4528
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 4540 -ip 4540
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4396 -ip 4396
1⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2172 -ip 2172
1⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2024 -ip 2024
1⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3140 -ip 3140
1⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 1576 -ip 1576
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4908 -ip 4908
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3176 -ip 3176
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4760 -ip 4760
1⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3056 -ip 3056
1⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 2784 -ip 2784
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3108 -ip 3108
1⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4516 -ip 4516
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3404 -ip 3404
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4184 -ip 4184
1⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4200 -ip 4200
1⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4512 -ip 4512
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4480 -ip 4480
1⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1112 -ip 1112
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5032 -ip 5032
1⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 3336 -ip 3336
1⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 740 -ip 740
1⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3844 -ip 3844
1⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1320 -ip 1320
1⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2724 -ip 2724
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 2076 -ip 2076
1⤵
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2964 -ip 2964
1⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 428 -ip 428
1⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4332 -ip 4332
1⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 3920 -ip 3920
1⤵
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3016 -ip 3016
1⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4224 -ip 4224
1⤵
PID:1112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 2072 -ip 2072
1⤵
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 464 -ip 464
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4088 -ip 4088
1⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4764 -ip 4764
1⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3052 -ip 3052
1⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4460 -ip 4460
1⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5112 -ip 5112
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 228 -ip 228
1⤵
PID:1312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 4780 -ip 4780
1⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2728 -ip 2728
1⤵
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5040 -ip 5040
1⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3912 -ip 3912
1⤵
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5060 -ip 5060
1⤵
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2600 -ip 2600
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3236 -ip 3236
1⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1156 -ip 1156
1⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 764 -ip 764
1⤵
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3172 -ip 3172
1⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4560 -ip 4560
1⤵
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4264 -ip 4264
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2884 -ip 2884
1⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3860 -ip 3860
1⤵
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4748 -ip 4748
1⤵
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1616 -ip 1616
1⤵
PID:1260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4336 -ip 4336
1⤵
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2676 -ip 2676
1⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4788 -ip 4788
1⤵
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5328 -ip 5328
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4220 -ip 4220
1⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 760 -ip 760
1⤵
PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4880 -ip 4880
1⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 1880 -ip 1880
1⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5312 -ip 5312
1⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5444 -ip 5444
1⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5468 -ip 5468
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5460 -ip 5460
1⤵
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 2276 -ip 2276
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5396 -ip 5396
1⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5840 -ip 5840
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5644 -ip 5644
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 2916 -ip 2916
1⤵
PID:1352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5304 -ip 5304
1⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5344 -ip 5344
1⤵
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 3332 -ip 3332
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2668 -ip 2668
1⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5296 -ip 5296
1⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5860 -ip 5860
1⤵
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5712 -ip 5712
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6060 -ip 6060
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5900 -ip 5900
1⤵
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5992 -ip 5992
1⤵
PID:768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5908 -ip 5908
1⤵
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5636 -ip 5636
1⤵
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 532 -ip 532
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 776 -ip 776
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5812 -ip 5812
1⤵
PID:336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5160 -ip 5160
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5164 -ip 5164
1⤵
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5784 -ip 5784
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5388 -ip 5388
1⤵
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5720 -ip 5720
1⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5740 -ip 5740
1⤵
PID:1824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2188 -ip 2188
1⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 696 -ip 696
1⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5292 -ip 5292
1⤵
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5372 -ip 5372
1⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3004 -ip 3004
1⤵
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5376 -ip 5376
1⤵
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5128 -ip 5128
1⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 6020 -ip 6020
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4352 -ip 4352
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5960 -ip 5960
1⤵
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5820 -ip 5820
1⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5576 -ip 5576
1⤵
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5144 -ip 5144
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5776 -ip 5776
1⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6052 -ip 6052
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1624 -ip 1624
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3584 -ip 3584
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5532 -ip 5532
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5284 -ip 5284
1⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5940 -ip 5940
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5552 -ip 5552
1⤵
PID:2624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1664 -ip 1664
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5760 -ip 5760
1⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5440 -ip 5440
1⤵
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5136 -ip 5136
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 6068 -ip 6068
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 3820 -ip 3820
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5852 -ip 5852
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1524 -ip 1524
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3376 -ip 3376
1⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 3256 -ip 3256
1⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6156 -ip 6156
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5732 -ip 5732
1⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6240 -ip 6240
1⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1228 -ip 1228
1⤵
PID:696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6172 -ip 6172
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5324 -ip 5324
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2312 -ip 2312
1⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5796 -ip 5796
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5948 -ip 5948
1⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5080 -ip 5080
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5244 -ip 5244
1⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 3380 -ip 3380
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5804 -ip 5804
1⤵
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5404 -ip 5404
1⤵
PID:2644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6120 -ip 6120
1⤵
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5608 -ip 5608
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6412 -ip 6412
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6452 -ip 6452
1⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6508 -ip 6508
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6608 -ip 6608
1⤵
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5204 -ip 5204
1⤵
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6440 -ip 6440
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6528 -ip 6528
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6464 -ip 6464
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5508 -ip 5508
1⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4652 -ip 4652
1⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6408 -ip 6408
1⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6668 -ip 6668
1⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 2888 -ip 2888
1⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6460 -ip 6460
1⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6588 -ip 6588
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6740 -ip 6740
1⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 6224 -ip 6224
1⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1328 -ip 1328
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6476 -ip 6476
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7084 -ip 7084
1⤵
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6148 -ip 6148
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 6964 -ip 6964
1⤵
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6348 -ip 6348
1⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 7016 -ip 7016
1⤵
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 7008 -ip 7008
1⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6164 -ip 6164
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 3100 -ip 3100
1⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6536 -ip 6536
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6852 -ip 6852
1⤵
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6400 -ip 6400
1⤵
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 1576 -ip 1576
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 6256 -ip 6256
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7068 -ip 7068
1⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6940 -ip 6940
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7148 -ip 7148
1⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4576 -ip 4576
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 3140 -ip 3140
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6724 -ip 6724
1⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 2256 -ip 2256
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6932 -ip 6932
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6896 -ip 6896
1⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4552 -ip 4552
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5008 -ip 5008
1⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6292 -ip 6292
1⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 2320 -ip 2320
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6808 -ip 6808
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1712 -ip 1712
1⤵
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 1984 -ip 1984
1⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6888 -ip 6888
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5076 -ip 5076
1⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4828 -ip 4828
1⤵
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5876 -ip 5876
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6472 -ip 6472
1⤵
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6912 -ip 6912
1⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3404 -ip 3404
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 4548 -ip 4548
1⤵
PID:2644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 4184 -ip 4184
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3764 -ip 3764
1⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 3984 -ip 3984
1⤵
PID:2600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 4856 -ip 4856
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 3616 -ip 3616
1⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2172 -ip 2172
1⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 3564 -ip 3564
1⤵
PID:776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4732 -ip 4732
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3636 -ip 3636
1⤵
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1828 -ip 1828
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1332 -ip 1332
1⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4516 -ip 4516
1⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 3292 -ip 3292
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3920 -ip 3920
1⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5936 -ip 5936
1⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4816 -ip 4816
1⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4416 -ip 4416
1⤵
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5060 -ip 5060
1⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3552 -ip 3552
1⤵
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5672 -ip 5672
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5664 -ip 5664
1⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5216 -ip 5216
1⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 7124 -ip 7124
1⤵
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 4176 -ip 4176
1⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1728 -ip 1728
1⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 6128 -ip 6128
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6220 -ip 6220
1⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4100 -ip 4100
1⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 1048 -ip 1048
1⤵
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7028 -ip 7028
1⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3340 -ip 3340
1⤵
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5360 -ip 5360
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6680 -ip 6680
1⤵
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 1848 -ip 1848
1⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5516 -ip 5516
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6048 -ip 6048
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4372 -ip 4372
1⤵
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3908 -ip 3908
1⤵
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5708 -ip 5708
1⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4088 -ip 4088
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5344 -ip 5344
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6000 -ip 6000
1⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3556 -ip 3556
1⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6936 -ip 6936
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 264 -ip 264
1⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5864 -ip 5864
1⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 516 -ip 516
1⤵
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6136 -ip 6136
1⤵
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 1760 -ip 1760
1⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 680 -ip 680
1⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5912 -ip 5912
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2452 -ip 2452
1⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4724 -ip 4724
1⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 536 -ip 536
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4036 -ip 4036
1⤵
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 4192 -ip 4192
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 1636 -ip 1636
1⤵
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5352 -ip 5352
1⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6032 -ip 6032
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 6752 -ip 6752
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 3384 -ip 3384
1⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6132 -ip 6132
1⤵
PID:1000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 336 -ip 336
1⤵
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1824 -ip 1824
1⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5576 -ip 5576
1⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6028 -ip 6028
1⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5788 -ip 5788
1⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 976 -ip 976
1⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5536 -ip 5536
1⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5752 -ip 5752
1⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3344 -ip 3344
1⤵
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 872 -ip 872
1⤵
PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4276 -ip 4276
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5640 -ip 5640
1⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4528 -ip 4528
1⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5504 -ip 5504
1⤵
PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6700 -ip 6700
1⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6108 -ip 6108
1⤵
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6332 -ip 6332
1⤵
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4228 -ip 4228
1⤵
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6620 -ip 6620
1⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6488 -ip 6488
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3988 -ip 3988
1⤵
PID:1000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4460 -ip 4460
1⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5220 -ip 5220
1⤵
PID:2384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 3032 -ip 3032
1⤵
PID:232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 3912 -ip 3912
1⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5732 -ip 5732
1⤵
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 864 -ip 864
1⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 4300 -ip 4300
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5644 -ip 5644
1⤵
PID:752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3180 -ip 3180
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5940 -ip 5940
1⤵
PID:516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5224 -ip 5224
1⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4900 -ip 4900
1⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5816 -ip 5816
1⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5572 -ip 5572
1⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3840 -ip 3840
1⤵
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 4376 -ip 4376
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4316 -ip 4316
1⤵
PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5164 -ip 5164
1⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5280 -ip 5280
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3176 -ip 3176
1⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6096 -ip 6096
1⤵
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6172 -ip 6172
1⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 2028 -ip 2028
1⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5468 -ip 5468
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6660 -ip 6660
1⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6980 -ip 6980
1⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6232 -ip 6232
1⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1260 -ip 1260
1⤵
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6872 -ip 6872
1⤵
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 7144 -ip 7144
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6444 -ip 6444
1⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3212 -ip 3212
1⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5152 -ip 5152
1⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6824 -ip 6824
1⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7104 -ip 7104
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4880 -ip 4880
1⤵
PID:2384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5248 -ip 5248
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 640 -ip 640
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5508 -ip 5508
1⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5080 -ip 5080
1⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 2308 -ip 2308
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6316 -ip 6316
1⤵
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6560 -ip 6560
1⤵
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5972 -ip 5972
1⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2320 -ip 2320
1⤵
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5388 -ip 5388
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6812 -ip 6812
1⤵
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6224 -ip 6224
1⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1812 -ip 1812
1⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6360 -ip 6360
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5768 -ip 5768
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5436 -ip 5436
1⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6368 -ip 6368
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5340 -ip 5340
1⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5104 -ip 5104
1⤵
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5656 -ip 5656
1⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6896 -ip 6896
1⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2572 -ip 2572
1⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1972 -ip 1972
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2236 -ip 2236
1⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2176 -ip 2176
1⤵
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5304 -ip 5304
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5364 -ip 5364
1⤵
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5948 -ip 5948
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6404 -ip 6404
1⤵
PID:1828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5032 -ip 5032
1⤵
PID:5520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe

Filesize
184KB

MD5
fe7f9e580cd68065198bf1ddd695653e

SHA1
a2b48c424df50a065d8eb3d414ad692d64ca8c0c

SHA256
d3e84eb25e04273c5555ae83b42d6fc0b3c7cc8a78731b3be3f595de26f71c39

SHA512
9ad9ea8ff6b5671ab7619dbe66ea36be3546e22c00a72b0c0ab480b3a38ee04ea64d0d9e8c12ebfd199d7c66c90064318ef0404b9f5baddf0c066151f372b066

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe

Filesize
184KB

MD5
a5df58f8e76ca4d5c40a4a3326ad5005

SHA1
dbdb6bc071b910dab0f5c05272faf8c44d412323

SHA256
020be33c67cfc5739cd08348d1f27d9bb801f4131949a107b8bc0f6f98f90cd9

SHA512
a4b8aad3d61376c53520a302cb0698b4e82d08717a89ecd0f56c2f1766bb876ac4d9caf152c9c80e6be53b6a65f8ea16aa903c18ef1d4b9a04623e3478291780

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe

Filesize
184KB

MD5
55ae8e34f47c2649fed5169ce111c94a

SHA1
412695c2534dfe5d104e2281f11e23a36db0ccfe

SHA256
d8a22b63882e832f75908048a395f376fafd3f2b0dc50651c611528b946e0008

SHA512
fc1742a19ee2172ba8b84adc0e553455a3b64266832c83ae89aeaece93d0d0cb411b4c33bb79323a59c6aa3ef209bd1bb66045102e348aa9c1f657a891083dab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15070.exe

Filesize
184KB

MD5
19069b7fcf6ce884f6df8c45e852f1ef

SHA1
9984f59fe6ead985ec34f4af4b0d28207e7c5e03

SHA256
7b63b6a0a71af5fc2ec9fe10b8b53b0996d3abd47d6e2733ca3388712e20fbec

SHA512
68773861f246e51f46f16481c5d218c78f548c30514d09acbeb238e2833e765946fe2e1be9a586dac82f58df48767b14fbcdb18f66d4adc2d5f2ba58fa2a38b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15407.exe

Filesize
184KB

MD5
2b989c3eabc4c16c78cb9051c7b37d50

SHA1
f7094123465e42f2c38050d3b9cd67738a6213ce

SHA256
c95357da717ca948967900c71b20886b1829f16daab64b780c9aab9ed5e8191e

SHA512
b396011b24c251c60a4d28fc0748fadf965d17653d7eb23066ba3d803639bd5b63f0742383c9b5143e1a0d1f930504b1b9b9600aa2adfc1d6341de818a84de51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe

Filesize
184KB

MD5
a91be47e9f080c29e1ca9e7515947be4

SHA1
e56fb25e43908fc80f7ccb0c300b737f8ac67c52

SHA256
32bf192a2d8977071cd0e5029e2211ad806581113390c48de55821a0f9934bfd

SHA512
5afc31f880a8ec990a639bb7c42cbff0e011fd6c2a736a0505ba5983fbd04cd790cc4fb0a9e908b5f7b591d2072f129b34a0b1f60b00c995e99c0e9d76d3ed7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe

Filesize
184KB

MD5
ee2d247dd1bc26c1b69864aa1723ca27

SHA1
a818c714f5c9eec1bd487b476d103d2c5871f493

SHA256
35d1a7a4803c4cfa84ce1911638e99f474609a9a0b44b52834a661ca20a7829b

SHA512
7a447c49042bcae9ba7d401f2604b92d31c9c9582a2c4df57b9ed36e431e860d545a564a1d77d06f728a5d13fa5b2d3f50c166598f34eb7efb721e254a6d469c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe

Filesize
184KB

MD5
cbfce053e95c1e4dda1253a2f866b1ff

SHA1
2c74e484a4bfe1944ed2334b18516d07f9192e6b

SHA256
b1255312ebd6a31a6a809a6f5d9ddcae82f7c7168f5f696b9e5a2d7ddc473efa

SHA512
4c57b0a1f42f068bd9e9d6ba5f909c0509ac3e8e39aff48b34d1a90762e43d4fa0259645bbf7ea4551dea3e84565cc0d785dd2ee5e109bdf7a69dc018db7a1d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22558.exe

Filesize
184KB

MD5
a9ca4a47567c56595a8c5a4b3a82a483

SHA1
f837bda852d358a12617a0ad70b507a0d2ecca9d

SHA256
7ab2fad54761d6714820fbee44c27a1c5d47bd5490303b329a35fa6913231c77

SHA512
0bc83928685004163d2c0c0f1812bf53c06c475b1d6aebb4ff8e57ecffb47f1bc270a662336a4f1a2eac8c57fc767f59e6597ce7e885dd4258cc8f85ca8d3dfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe

Filesize
184KB

MD5
772a9b8ed464a62b6dec24b204fc6607

SHA1
3de32b38be3f889f123ae751bbb545db41a4a97b

SHA256
5fd5bf2e0be312f07d33b2e249514335778bed89129dd1e244f9de424c620a75

SHA512
5ea8becd10fcddf617b9b9477cec886196d94b58439bcb2603f80ac69369c32ac01a28f64c3ce25598af73232c2a97c4e176d3e33818478c4913d734c912fe86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23924.exe

Filesize
184KB

MD5
103dcad70cf6561ed2177f43a3387b1d

SHA1
563223598d24ba4df17e4ad3fb5179bb2247547f

SHA256
1c5302116b86fb7413dc1da0b7529060ac90a77681de03bcc0312ccb721812c8

SHA512
f9fc836ab3089c7878b7079e90e80952c48a644561560ee4ba70b2b5956aad666aaf95518244b06dd16cde0ee337912b60e530ac20ae1eeb98dfc3d93dde0997

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe

Filesize
184KB

MD5
7c5b033a615aa5917c8e23700cee8411

SHA1
a8c19df9ef0865585b00337fc34f97c2a7d679e0

SHA256
4b6e47f5a5f9d366980741a3161e17fb1f7b8ff86c41885c98668885c250e3af

SHA512
be78c00d06ceedc63ec8919893e1f5c6b07aecb8f20a41927315a72a039031bb3cb4fd1a25ebc61375d750486cfc070ad5b2d5060a129ada36bf674055ef89db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe

Filesize
184KB

MD5
2fe4a50eacaa1860c9bac9fdff6eea78

SHA1
0be52b56bf48d90bb175e637cfead28ad285190d

SHA256
72682b3f563dbce9b035296a4a2976e3b8000d64d2683b21db833a3f9bdf0b9f

SHA512
914932fdcd86281bb7be4046f631f71cf15db613b0699295d154b79b4e9390bf808a41e934ed3eac640c9c3fa4d9d43406572522bbf23aead2c411bbc053c347

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe

Filesize
184KB

MD5
56a132ce61779eb7c5de8795481e093b

SHA1
8b323e0eb7a538a18b40701f627fe673f8b03df8

SHA256
1ecc3bd6634cd413a85ac2f3f359d300b257a669c4ea3fccefe27117b0cee5da

SHA512
b879411f5f9a2a61f8ce09ec677d5c877647ab6b375be460a55f5d16f6258529de4da506b86b0fbf73edfd199d1cb2623640da65ad058e553a0545fd6b329485

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe

Filesize
184KB

MD5
fe7f34986d44221527d21ffc50cec5e3

SHA1
8e3efac3b2bfb56503436a6fb7c1d48063c8953a

SHA256
6e6d1b00c35c99c4397a3d0f9f128d1337410344d9b3967e59e263364a0a00d3

SHA512
6d62b5c3e4c1284701d16a4c04951c54fff3ca8afc20ebebab6990638643c1a79b118e81a6041a7a9482c2dbc7dbf1f272a99f4f53bdea6bc7fb38a74ccf096a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe

Filesize
184KB

MD5
43f5a7d09a256dbc57eeae53950fc358

SHA1
b0ec005f018d394fa3ed6c87af99b7b48513abf9

SHA256
269683b470c9b87e3e6cb3c7d33efc43606a22c36205deda2f97ac1996f14426

SHA512
a290f9046350f4cd88b3b41f036d7d26b9764836802cedc304fd0fd74fc82253927001be34842e61cbeaca23413f8b6ca4833117146d03a5c1490f8381b2533a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe

Filesize
184KB

MD5
eb4754b8655eabea8e3ce0eb974f265f

SHA1
57cef51df9141f1b1c128c3f99f207cb596ca2d0

SHA256
6e3798c2adcd983850b0367dc0ec46a9da2cfe24149bb1225ba32f1951eb0e43

SHA512
639d9b8ca9f3699e50f60675ff334d74f25746a78478c09daf78c77f9459b54b1f39b6cc2838997174c09bbf49b731ff1b139d5bf33ed3ad0a27600608656438

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe

Filesize
184KB

MD5
df3e9f6c5a52a52812b80a0d178544bb

SHA1
f1f7cbe32b6699a0589888b41bf7792f19b49303

SHA256
16390de8acbbf0e13b87e85fce9be7d9c46101f33e07efb201ac88b42a1bf45a

SHA512
8c580c23a1576afedf833899d28493b124b095baa140b630982b8b919fe0f6507df251b60ee54eb2c2624c1efa7e6ac7632b0ce4a9add393d9646e92b1464718

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe

Filesize
184KB

MD5
71ac7db969041b4aca80b9bc08045bb3

SHA1
87b7102e96ea85b127826b1fcbda1162eed98aa5

SHA256
e990483b67280556f141d659c3637a3d7e09d5b6d5c0f2b0b12efc883bee5848

SHA512
6f54e4f1670ae09f40934bf5130a7fbfba7a34d1bf69c599904fc97e95e80c556bd0f460fd36d724b0ae98c6c046d735be04470bd20a40e65125c7d9add06e23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe

Filesize
184KB

MD5
f1d0fd184cdd7221065520fa79610744

SHA1
741fe90990f49d1afa75885d891ecc5201935033

SHA256
1dda450eff538c09c6909087fcc8612e37c24e7ff5a676c6b13c2b2db5857fc5

SHA512
0a6aae7cb7efb88592a34082a2ab3a068d165de8621ff96529139f4cc1c54e174300df4bf52d5b7f8514bee0bfacf66f3f56a12f0e4953903ad90000afa5ecff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3866.exe

Filesize
184KB

MD5
865954b72aaaf9735559264694a2faad

SHA1
c38f10beea39e9fa42f369f8367a81b8fa17e0d1

SHA256
72e5d789d83400683fc020aa0aa21f5971981c4e75c4d57a023f1f146af15759

SHA512
af558615869a7c0f2b6f854369879ffa07fda31dacb9ecffc4ca35d2661a0259b4fc8bc33656a114c66a04e555d3b82e88e76abb127a32e942e4036863aa49e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe

Filesize
184KB

MD5
6768aeb64b18d218d8115b2b234ea989

SHA1
fe73fff20b1a4079fcbc4fc3ecbbe78c4247e939

SHA256
778377e9fbe4e8034f76d444e15eb8524954e0f84a6d2f711ec0db946f9032ac

SHA512
d85d91dd898d06ba52ff413754e0729f734debff1ebb24500e6c9c55cee771ba9b046e46a69307b5e03c0c442b7506cd7193cd99ec8745ddb68ae599c17f5234

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe

Filesize
184KB

MD5
f5c075a5df74162551fb91289e043ee9

SHA1
8b0144f7648f66da0536399cdbfef2b4e1d88d89

SHA256
3e714c538192c5754f8fefa30a539a499878ab2600d5f0fa71345e4dca426378

SHA512
3395a224f063f68f5d32fc44bcd57df7680c79b13b436e0f59bd7f418911acbde5c7fde3af5ead7b07cb623a2305a122d884ff861b8dfbccabe8589f42fbbafc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe

Filesize
184KB

MD5
3a04292075389c80918615289715bf4c

SHA1
9c6fe46749a1b4a29d797afd0384607e59d9bc70

SHA256
85774d9d2b3b1641a66e742f7814c09567e318574b88e752eb5efb20fb30b36d

SHA512
e2aba67e14196d4d28a3b7a6cc36ce764bd5758dedc8010b77782fb28dcc936126809fd15d2f8069efd605d4aba27dacb8adaa167c3b3b8f3d7f9ad20b8fb7e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe

Filesize
184KB

MD5
01ff8d86d36997beee581197e269c9c4

SHA1
ff2a148325ca44b6f2a13a1436c51449ce169ec1

SHA256
5771970585476eb88be42979fd4d73ec08195a38d1d7ff906dfa652d95566c3e

SHA512
776a3a3eb99c5e6a1df97becab8ee9dea38357f035d61be1d0fdff9f0519aee69695507f19e8e504a3650d1072119ea17aa1e52f76204d4804f7b44db432c905

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe

Filesize
184KB

MD5
75fcb2df5bdf6048f746e08d948b2e38

SHA1
c107768112b47735464f1fb03f477c3c60a00ee4

SHA256
dbb6f2263fea4650ebc4b82d22c22826fdeb00de9aa7552e90395ade44680e07

SHA512
dc401f752119783527029fd7dc3011288853ff00f7d1022399eba10bfdefe2602be5b7eac9432272ff18ee7a933c20514d5743976d1d941028ee6732affc0498

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe

Filesize
184KB

MD5
c1c441bd0e5c4f82a6ae45c984943a3f

SHA1
098291800c7e711ff692f72f14c649f5512aad99

SHA256
8507ab385fb634a93de12c5b4b357829fcd12862aec7ff376fea13496ba6e716

SHA512
114591154523f89f1d5c898b183bf19e4fcd71c7f9b3ddf333221ff9995ddb09b5b0fbe103d2ce5bb92c1672e5684f5baf127861327b97b1e130cd634b40f2d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe

Filesize
184KB

MD5
11479e188bc4f469e8c03b938e993050

SHA1
5a29e87555670d1de05adf126c59e3c68da5d06c

SHA256
ef3782a8c56b4d26d74c08ac50e1024c88c4c3cb62af3bba83129f62fdb2ee26

SHA512
5ddeb73a80810e824a72ad8ee485db023523aa2cdad6c99d56affc2ab41f818e6bf565fbcf8e9dc10125b3b38ad640d1372ea7680783df5b0dc8a4b77b265eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe

Filesize
184KB

MD5
afb3b2a49c90e80d2360c3e372a41536

SHA1
c3fcc4d11bc096cb955b343d6c09c7a98c573a74

SHA256
e91f947195674d44196e385dd37942baa1acf1b45981407cac1a9530adc9c5ed

SHA512
fdf93120b067f1ca1d34fd5d1e4b8611a283d9676a82003c8e8ac19d6bba9c93764d38ef056b3038c506e5415bdb7da9684338ff73cc8d69527b398531c786d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49689.exe

Filesize
184KB

MD5
943772c3c9bdba90265e32c2be89b51e

SHA1
a1fd8d505da023c2bb680bb606f065de423c40ad

SHA256
6b2a50664d9267c3b6cb22600a1c85c4baafa0bf330a6eb654e933b359e8a380

SHA512
882905369873a5b0593f9f5c95960d6c5bb4214010b4f52e053f998029872b3e78216034d0cc2491c71251af46f5da1d731ee66fd871db8df8b2595c2beb332b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe

Filesize
184KB

MD5
962b1f866d384e398ab309275ff0ce72

SHA1
47439391872f6ff521b25a9e1e9fabf04561b7fb

SHA256
225f1a3b5212b79c61ab1508490d4b82a38890b2049778f5c7d1b9721e4aa942

SHA512
4015f8a7f40db83824f13d3d3d2fefdd0958971286b1c2e079b16615f009aae3ee0f01fbbb2d36ceaff1782b8004d98f2139970b13068a53dfa01e86b535abb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe

Filesize
184KB

MD5
3d1268d254d0aae2a6a6c0d70e30073e

SHA1
73db32096b149616970e73b23396f82c1f874c6d

SHA256
3541a04b47004bf3ec77cd9ce1f592b91964ed740da290cec1f4d5d4c1589520

SHA512
8f00aa194d52a9bb2aa759c37be7b0c19233c7fa07a457b2d730f93058d59493211c521f1995d6824c2e000d834639847bd5045676115be52235966f7be38bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53725.exe

Filesize
184KB

MD5
823d63c9488762f55595090f3ff36abf

SHA1
adf80350beaa83e0b402adfa6fd2b99b0ec85c0d

SHA256
cac2d4abbe5c35876b37648325daac95a01c0a674568aceee6520773e71ca1fe

SHA512
c42dc9239d8ae25577f2e35e164bf8c055ab0f0c465e08163ea3fd07285c7b57588737e45694f4b60f127546dce3f1a7bc2505c847f250518b3911a1488ea71d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe

Filesize
184KB

MD5
62303e88a8a35ac17091bfe43fde197f

SHA1
6febd16f0ca0f1e344bafb809e6ae3b3779b1b74

SHA256
459dd89ff9abf2144a2d77c0c832a66f059d93d869dbfff8291157e9470201e8

SHA512
1ea68dcfd4dcd03283e7267629a5f24889a985340aae9ef45f24dcce263b650ca595432976d70e0e5b5624c727be3c042db81c0de024dbc21d082dbe59b43938

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe

Filesize
184KB

MD5
68a6697fc904f49cc699601e734bc5bb

SHA1
176a79b2353a234a7d0b9eb11e9ad7bbbbc28a3b

SHA256
9171810a3f66369b6acc84738ac264d40633aa9ca04ece3981556e20261f2721

SHA512
a9bd8976895e59d23e3ba601fee25d03f1a0087e929674e4965cd5b96b87c6f35d2a13052abcd27dc206602fc2e25cd6cf54f0accea7adbb8d9229971d84aece

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe

Filesize
184KB

MD5
a9a4b2f776e0eb8a9296313584e9c15f

SHA1
4e675016c8bd4ca8c19a07189fd9578698c7b23a

SHA256
722a7c28808f1a1018ed48a2840ce21c9463fb4e3a5230172d7ae39b08a44565

SHA512
66216dc779252dad1529e9c6c82749e398680963acf266f8852fbc4d08b203189f0679362b27c841af9e33c7c0b6cf0bbe66bf5f8e177cd773e04e991b483566

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe

Filesize
184KB

MD5
b4c6ea622c375d244964d8dd694533e3

SHA1
c9077601ade1cb3bc24eaf761e25718859b23e1b

SHA256
b265b93b270bb4609306e1fc4ce806c90f7d3244e1ab23c33568a006f1426f47

SHA512
17f03428a376c68907775f6481b771f9931e56a0a127a6185c3a9c380a97cf31269e1f9b7f8f83ab52c37c6e589cab4a3a1671e8e6d4aef3b3ef5eab5173f39d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe

Filesize
184KB

MD5
1aa3a1b0289ed298321da4f1379f2a77

SHA1
544198e06f8f1aa3c559d13b7600c01a11c7bd3f

SHA256
e8294f65e29b468dd8f4338b5ab07ec740c248d386b75da8dfde1e12f806738b

SHA512
7d5ecab38f77eae435859cf067bc14a11b29031ae43933c3a19aef873757bf42ffe40734e3525c71b09f6389f158e01e44c40e69ec5cef9fc21eea0226297ab4

Download Submit