29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4

Analysis

max time kernel
119s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe
Size

468KB
MD5

38815e2c3222d362b29104f3c3d6ace8
SHA1

d5b43ce21d3148ccfd37abff9115a4880bcfd19e
SHA256

29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4
SHA512

7a2af61866545d72b12c8ad7fe151f22fd938783c14bce903aae529b555b358168430e09defaa30afcbd9496b4fb1363836f39b264248641cc64c99d57c1efa3
SSDEEP

3072:shmCogWxjB8p2bxaPz/Czf8/ECh1IIpo/mHBaVrWSEf3icJEISmY6:shroBip2sPbCzf/0t3SEfvJEIl

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 43 IoCs

pid	Process
4456	Unicorn-23569.exe
4136	Unicorn-22583.exe
3156	Unicorn-23905.exe
3788	Unicorn-32479.exe
1060	Unicorn-1752.exe
4700	Unicorn-49370.exe
4480	Unicorn-9510.exe
3604	Unicorn-10065.exe
2304	Unicorn-29931.exe
2856	Unicorn-64741.exe
2012	Unicorn-10065.exe
2172	Unicorn-52079.exe
2524	Unicorn-21907.exe
4960	Unicorn-54025.exe
4672	Unicorn-54025.exe
776	Unicorn-8908.exe
3168	Unicorn-62748.exe
4256	Unicorn-17077.exe
4980	Unicorn-62748.exe
3984	Unicorn-63885.exe
1296	Unicorn-45966.exe
1612	Unicorn-43273.exe
1324	Unicorn-16631.exe
4712	Unicorn-43828.exe
1952	Unicorn-59609.exe
1708	Unicorn-4186.exe
4000	Unicorn-43081.exe
4128	Unicorn-15068.exe
2408	Unicorn-15068.exe
1836	Unicorn-56656.exe
2452	Unicorn-60740.exe
2732	Unicorn-56656.exe
4216	Unicorn-19921.exe
2600	Unicorn-38949.exe
2472	Unicorn-17975.exe
4612	Unicorn-27465.exe
4160	Unicorn-49277.exe
3412	Unicorn-4160.exe
4860	Unicorn-34887.exe
2020	Unicorn-12883.exe
5016	Unicorn-40917.exe
4016	Unicorn-53169.exe
1540	Unicorn-62105.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3980	3412	WerFault.exe	84
4048	3412	WerFault.exe	84
3944	4456	WerFault.exe	88
3868	4456	WerFault.exe	88
1496	4136	WerFault.exe	89
3560	3156	WerFault.exe	90
3264	3156	WerFault.exe	90
2472	4136	WerFault.exe	89
3912	3788	WerFault.exe	101
4996	1060	WerFault.exe	102
3016	4700	WerFault.exe	103
4516	3788	WerFault.exe	101
4508	1060	WerFault.exe	102
4100	4700	WerFault.exe	103
4912	4480	WerFault.exe	110
2660	2856	WerFault.exe	114
3868	3604	WerFault.exe	111
4004	2304	WerFault.exe	113
4680	2856	WerFault.exe	114
3124	4480	WerFault.exe	110
2592	3604	WerFault.exe	111
3228	2304	WerFault.exe	113
1472	2172	WerFault.exe	127
2304	776	WerFault.exe	131
3476	4980	WerFault.exe	133
5180	2172	WerFault.exe	127
5136	4960	WerFault.exe	129
5284	3168	WerFault.exe	132
5688	2524	WerFault.exe	128
3984	1296	WerFault.exe	148
5336	1708	WerFault.exe	153
6176	4128	WerFault.exe	155
6272	2416	WerFault.exe	194
4312	5092	WerFault.exe	216
3264	5564	WerFault.exe	279
1228	5248	WerFault.exe	277
3436	5980	WerFault.exe	290
7184	1508	WerFault.exe	274
7416	996	WerFault.exe	294
7404	5912	WerFault.exe	264
6524	5940	WerFault.exe	289
1164	5896	WerFault.exe	286
2376	5740	WerFault.exe	258
2692	5720	WerFault.exe	295
6132	5920	WerFault.exe	287
1832	5396	WerFault.exe	297
6908	5944	WerFault.exe	266
4820	3108	WerFault.exe	283
6456	5520	WerFault.exe	249
6256	5328	WerFault.exe	242
1976	5308	WerFault.exe	284
4644	5460	WerFault.exe	245
7944	6124	WerFault.exe	272
8108	5596	WerFault.exe	251
8100	5900	WerFault.exe	263
8056	5848	WerFault.exe	261
7996	1812	WerFault.exe	293
8004	5512	WerFault.exe	281
7988	5548	WerFault.exe	304
7980	2232	WerFault.exe	292
6400	5504	WerFault.exe	248
4492	6012	WerFault.exe	268
712	5924	WerFault.exe	265
6196	5764	WerFault.exe	259

System Location Discovery: System Language Discovery 1 TTPs 44 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62105.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
3412	29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe
4456	Unicorn-23569.exe
4136	Unicorn-22583.exe
3156	Unicorn-23905.exe
3788	Unicorn-32479.exe
1060	Unicorn-1752.exe
4700	Unicorn-49370.exe
4480	Unicorn-9510.exe
2304	Unicorn-29931.exe
3604	Unicorn-10065.exe
2856	Unicorn-64741.exe
2012	Unicorn-10065.exe
2172	Unicorn-52079.exe
2524	Unicorn-21907.exe
4960	Unicorn-54025.exe
776	Unicorn-8908.exe
4672	Unicorn-54025.exe
4980	Unicorn-62748.exe
3168	Unicorn-62748.exe
4256	Unicorn-17077.exe
3984	Unicorn-63885.exe
1296	Unicorn-45966.exe
1612	Unicorn-43273.exe
1324	Unicorn-16631.exe
4712	Unicorn-43828.exe
1952	Unicorn-59609.exe
1708	Unicorn-4186.exe
4000	Unicorn-43081.exe
4128	Unicorn-15068.exe
2732	Unicorn-56656.exe
1836	Unicorn-56656.exe
2452	Unicorn-60740.exe
2408	Unicorn-15068.exe
4216	Unicorn-19921.exe
2600	Unicorn-38949.exe
2472	Unicorn-17975.exe
4612	Unicorn-27465.exe
4160	Unicorn-49277.exe
3412	Unicorn-4160.exe
4860	Unicorn-34887.exe
2020	Unicorn-12883.exe
5016	Unicorn-40917.exe
4016	Unicorn-53169.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 4456	3412	29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe	88
PID 3412 wrote to memory of 4456	3412	29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe	88
PID 3412 wrote to memory of 4456	3412	29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe	88
PID 4456 wrote to memory of 4136	4456	Unicorn-23569.exe	89
PID 4456 wrote to memory of 4136	4456	Unicorn-23569.exe	89
PID 4456 wrote to memory of 4136	4456	Unicorn-23569.exe	89
PID 3412 wrote to memory of 3156	3412	29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe	90
PID 3412 wrote to memory of 3156	3412	29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe	90
PID 3412 wrote to memory of 3156	3412	29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe	90
PID 4136 wrote to memory of 3788	4136	Unicorn-22583.exe	101
PID 4136 wrote to memory of 3788	4136	Unicorn-22583.exe	101
PID 4136 wrote to memory of 3788	4136	Unicorn-22583.exe	101
PID 3156 wrote to memory of 1060	3156	Unicorn-23905.exe	102
PID 3156 wrote to memory of 1060	3156	Unicorn-23905.exe	102
PID 3156 wrote to memory of 1060	3156	Unicorn-23905.exe	102
PID 4456 wrote to memory of 4700	4456	Unicorn-23569.exe	103
PID 4456 wrote to memory of 4700	4456	Unicorn-23569.exe	103
PID 4456 wrote to memory of 4700	4456	Unicorn-23569.exe	103
PID 3788 wrote to memory of 4480	3788	Unicorn-32479.exe	110
PID 3788 wrote to memory of 4480	3788	Unicorn-32479.exe	110
PID 3788 wrote to memory of 4480	3788	Unicorn-32479.exe	110
PID 4136 wrote to memory of 3604	4136	Unicorn-22583.exe	111
PID 4136 wrote to memory of 3604	4136	Unicorn-22583.exe	111
PID 4136 wrote to memory of 3604	4136	Unicorn-22583.exe	111
PID 3156 wrote to memory of 2012	3156	Unicorn-23905.exe	112
PID 3156 wrote to memory of 2012	3156	Unicorn-23905.exe	112
PID 3156 wrote to memory of 2012	3156	Unicorn-23905.exe	112
PID 1060 wrote to memory of 2304	1060	Unicorn-1752.exe	113
PID 1060 wrote to memory of 2304	1060	Unicorn-1752.exe	113
PID 1060 wrote to memory of 2304	1060	Unicorn-1752.exe	113
PID 4700 wrote to memory of 2856	4700	Unicorn-49370.exe	114
PID 4700 wrote to memory of 2856	4700	Unicorn-49370.exe	114
PID 4700 wrote to memory of 2856	4700	Unicorn-49370.exe	114
PID 4480 wrote to memory of 2172	4480	Unicorn-9510.exe	127
PID 4480 wrote to memory of 2172	4480	Unicorn-9510.exe	127
PID 4480 wrote to memory of 2172	4480	Unicorn-9510.exe	127
PID 3788 wrote to memory of 2524	3788	Unicorn-32479.exe	128
PID 3788 wrote to memory of 2524	3788	Unicorn-32479.exe	128
PID 3788 wrote to memory of 2524	3788	Unicorn-32479.exe	128
PID 3604 wrote to memory of 4960	3604	Unicorn-10065.exe	129
PID 3604 wrote to memory of 4960	3604	Unicorn-10065.exe	129
PID 3604 wrote to memory of 4960	3604	Unicorn-10065.exe	129
PID 2304 wrote to memory of 4672	2304	Unicorn-29931.exe	130
PID 2304 wrote to memory of 4672	2304	Unicorn-29931.exe	130
PID 2304 wrote to memory of 4672	2304	Unicorn-29931.exe	130
PID 2856 wrote to memory of 776	2856	Unicorn-64741.exe	131
PID 2856 wrote to memory of 776	2856	Unicorn-64741.exe	131
PID 2856 wrote to memory of 776	2856	Unicorn-64741.exe	131
PID 1060 wrote to memory of 3168	1060	Unicorn-1752.exe	132
PID 1060 wrote to memory of 3168	1060	Unicorn-1752.exe	132
PID 1060 wrote to memory of 3168	1060	Unicorn-1752.exe	132
PID 2012 wrote to memory of 4256	2012	Unicorn-10065.exe	134
PID 2012 wrote to memory of 4256	2012	Unicorn-10065.exe	134
PID 2012 wrote to memory of 4256	2012	Unicorn-10065.exe	134
PID 4700 wrote to memory of 4980	4700	Unicorn-49370.exe	133
PID 4700 wrote to memory of 4980	4700	Unicorn-49370.exe	133
PID 4700 wrote to memory of 4980	4700	Unicorn-49370.exe	133
PID 2172 wrote to memory of 3984	2172	Unicorn-52079.exe	147
PID 2172 wrote to memory of 3984	2172	Unicorn-52079.exe	147
PID 2172 wrote to memory of 3984	2172	Unicorn-52079.exe	147
PID 4480 wrote to memory of 1296	4480	Unicorn-9510.exe	148
PID 4480 wrote to memory of 1296	4480	Unicorn-9510.exe	148
PID 4480 wrote to memory of 1296	4480	Unicorn-9510.exe	148
PID 776 wrote to memory of 1612	776	Unicorn-8908.exe	149

C:\Users\Admin\AppData\Local\Temp\29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe
"C:\Users\Admin\AppData\Local\Temp\29879fb8b8138c46632076e0927769dce9e0af20169a98e0e6966c2250fb1ea4.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10548.exe
        10⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        12⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 720
        13⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 604
        12⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 660
        11⤵
        Program crash
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        11⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29789.exe
        12⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        13⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        14⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        15⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        16⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 456
        14⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 656
        10⤵
        Program crash
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
        8⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        10⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        11⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        12⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        13⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        14⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        15⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44807.exe
        16⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        17⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        18⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 664
        16⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 716
        14⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 688
        12⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 648
        11⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 628
        10⤵
        Program crash
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        8⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        11⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe
        12⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        13⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38341.exe
        14⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
        15⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
        16⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2020.exe
        17⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        18⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        19⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 636
        17⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39907.exe
        16⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        17⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        18⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 728
        16⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 636
        15⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 616
        14⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 636
        12⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 636
        12⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 720
        11⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        8⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 752
        7⤵
        Program crash
        
        PID:1472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 752
        7⤵
        Program crash
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        9⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        10⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        11⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 692
        12⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 656
        11⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 632
        10⤵
        Program crash
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 780
        9⤵
        Program crash
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        9⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        10⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
        11⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        12⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        13⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        14⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        15⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        16⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        17⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 652
        15⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        14⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        15⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
        16⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 660
        11⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 668
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        9⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        11⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        12⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
        13⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        14⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        15⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        16⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
        17⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 636
        15⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 640
        14⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 664
        12⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 724
        11⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 664
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 648
        9⤵
        Program crash
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 720
        8⤵
        
        PID:60
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 716
        7⤵
        Program crash
        
        PID:3984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 720
        6⤵
        Program crash
        
        PID:4912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 720
        6⤵
        Program crash
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24555.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        10⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
        11⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7894.exe
        12⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        13⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        14⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        15⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        16⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        17⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        18⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 648
        16⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 608
        14⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 596
        12⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 652
        10⤵
        Program crash
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        9⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        10⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        11⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        12⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        13⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        14⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        15⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        16⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
        17⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 624
        14⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 636
        12⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 636
        12⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 636
        10⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 696
        9⤵
        Program crash
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        7⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
        9⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        11⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        12⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27459.exe
        13⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        14⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        15⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        16⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        17⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 608
        15⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 716
        13⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 660
        11⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 740
        10⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 740
        9⤵
        Program crash
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29795.exe
        6⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
        10⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        11⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 624
        9⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 624
        9⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 636
        8⤵
        Program crash
        
        PID:6456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 744
        6⤵
        Program crash
        
        PID:5688
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 724
        5⤵
        Program crash
        
        PID:3912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 724
        5⤵
        Program crash
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
        9⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 720
        10⤵
        Program crash
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        10⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        11⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        12⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        13⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        14⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        15⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        16⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 664
        14⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 692
        11⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 588
        10⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 636
        9⤵
        Program crash
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        9⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        10⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
        11⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
        12⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
        13⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        14⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        15⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        16⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        17⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 616
        15⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 652
        13⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 644
        12⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 648
        11⤵
        
        PID:436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 652
        10⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 652
        10⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 740
        7⤵
        Program crash
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
        6⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        11⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        12⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        13⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        14⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        15⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        16⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        17⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 620
        14⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 724
        12⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 636
        11⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 636
        11⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 636
        10⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 644
        9⤵
        Program crash
        
        PID:1832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 696
        7⤵
        Program crash
        
        PID:6272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 712
        6⤵
        Program crash
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16003.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
        10⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        11⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        12⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        13⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        14⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        15⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        16⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
        17⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 728
        14⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 624
        9⤵
        Program crash
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 624
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        10⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        11⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
        12⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        13⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        14⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        15⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 608
        11⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 652
        10⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 624
        9⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        7⤵
        
        PID:6036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 744
        5⤵
        Program crash
        
        PID:3868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 740
        5⤵
        Program crash
        
        PID:2592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 744
      4⤵
      Program crash
      PID:1496
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 744
      4⤵
      Program crash
      PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17757.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        10⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        11⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        12⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
        13⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        14⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        15⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        16⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        17⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 724
        15⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 744
        11⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        9⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
        11⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        12⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        13⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        14⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        15⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 624
        13⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 628
        10⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 648
        9⤵
        Program crash
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 740
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
        10⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
        11⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29789.exe
        12⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        13⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
        14⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        15⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        16⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        17⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 624
        15⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 548
        13⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 664
        11⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 732
        10⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 748
        10⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 652
        9⤵
        Program crash
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        9⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32425.exe
        10⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        11⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        12⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        13⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        14⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        15⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        16⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        17⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 636
        15⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 640
        11⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 636
        10⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 664
        9⤵
        Program crash
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        8⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        10⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        11⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        12⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        13⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        14⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        15⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        16⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10856 -s 644
        14⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 640
        10⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 688
        9⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 724
        8⤵
        Program crash
        
        PID:7404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 720
        6⤵
        Program crash
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
        9⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
        10⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        11⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        12⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        13⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        14⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        15⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 636
        13⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 748
        11⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 696
        10⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 644
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 644
        9⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 724
        8⤵
        Program crash
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 724
        8⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49230.exe
        6⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        10⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        11⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        12⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        13⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
        14⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        15⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 632
        13⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 652
        10⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 640
        9⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 640
        9⤵
        
        PID:9632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 752
        5⤵
        Program crash
        
        PID:2660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 752
        5⤵
        Program crash
        
        PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        10⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9866.exe
        11⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        12⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        13⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        14⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        15⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        16⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        17⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 600
        15⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 636
        12⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 636
        12⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 700
        11⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 644
        10⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 644
        10⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 724
        9⤵
        Program crash
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        10⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        11⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        12⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        13⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        14⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        15⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        16⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10320 -s 708
        14⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 600
        13⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 648
        11⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 624
        10⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        6⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        9⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 636
        10⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 744
        9⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 652
        8⤵
        Program crash
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        6⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        8⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
        9⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
        10⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
        11⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
        12⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        13⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        14⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        15⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        16⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 660
        13⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 680
        11⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 636
        10⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 752
        9⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 740
        8⤵
        Program crash
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27185.exe
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        7⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32425.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        9⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        10⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        11⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        12⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        13⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        14⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        15⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 656
        10⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 724
        9⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 660
        7⤵
        Program crash
        
        PID:7980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 688
        5⤵
        Program crash
        
        PID:3476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 720
      4⤵
      Program crash
      PID:3016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 748
      4⤵
      Program crash
      PID:4100
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 736
    3⤵
    - Program crash
    PID:3944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 736
    3⤵
    - Program crash
    PID:3868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        7⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33107.exe
        8⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
        10⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        11⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        12⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        13⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        14⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        15⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        16⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        17⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 624
        15⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 724
        13⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 660
        12⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 736
        11⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 636
        10⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 712
        9⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 712
        7⤵
        Program crash
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
        6⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        10⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        11⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
        12⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        13⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        14⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
        15⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        16⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 640
        14⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 524
        10⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 632
        9⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 728
        8⤵
        Program crash
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        9⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
        10⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        11⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        12⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        13⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        14⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
        15⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        16⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        17⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 608
        15⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 720
        14⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 648
        11⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 648
        9⤵
        Program crash
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        10⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        11⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        12⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        13⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        14⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
        15⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        16⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 736
        13⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 644
        9⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 628
        8⤵
        Program crash
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        6⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        8⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        9⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
        11⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        12⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        13⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        14⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        15⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        16⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 744
        10⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 728
        9⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 636
        8⤵
        Program crash
        
        PID:7996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 632
        5⤵
        Program crash
        
        PID:4004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 632
        5⤵
        Program crash
        
        PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        6⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        10⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
        11⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        12⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        13⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48445.exe
        14⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        15⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        16⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 708
        14⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 620
        13⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 656
        11⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 640
        9⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        7⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        9⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
        11⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        12⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        13⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
        14⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        15⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        16⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 724
        14⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 736
        11⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 696
        9⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 696
        9⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 648
        8⤵
        Program crash
        
        PID:7416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 736
        5⤵
        Program crash
        
        PID:5284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 744
      4⤵
      Program crash
      PID:4996
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 764
      4⤵
      Program crash
      PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42339.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        9⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49825.exe
        11⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        12⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        13⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        14⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        15⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        16⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        17⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 740
        15⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        14⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        15⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        16⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11156 -s 732
        14⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 752
        12⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 640
        10⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 628
        9⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 636
        8⤵
        Program crash
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        5⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42339.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61231.exe
        8⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        9⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        10⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        11⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        12⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44807.exe
        13⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        14⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        15⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 696
        13⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 632
        11⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 616
        9⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 636
        8⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 616
        7⤵
        Program crash
        
        PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33325.exe
        5⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        9⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        10⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
        11⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        12⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        13⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
        14⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63935.exe
        15⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 624
        13⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 724
        11⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 652
        10⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 604
        9⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 648
        8⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 676
        7⤵
        Program crash
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8104.exe
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
        9⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62269.exe
        10⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        11⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        12⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        13⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        14⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 652
        12⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 744
        9⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 636
        8⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 712
        7⤵
        
        PID:5960
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 708
    3⤵
    - Program crash
    PID:3560
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 748
    3⤵
    - Program crash
    PID:3264
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 720
  2⤵
  - Program crash
  PID:3980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 720
  2⤵
  - Program crash
  PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3412 -ip 3412
1⤵
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3412 -ip 3412
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4456 -ip 4456
1⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4456 -ip 4456
1⤵
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4136 -ip 4136
1⤵
PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3156 -ip 3156
1⤵
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3156 -ip 3156
1⤵
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4136 -ip 4136
1⤵
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3788 -ip 3788
1⤵
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1060 -ip 1060
1⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4700 -ip 4700
1⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3788 -ip 3788
1⤵
PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1060 -ip 1060
1⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4700 -ip 4700
1⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4480 -ip 4480
1⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2856 -ip 2856
1⤵
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3604 -ip 3604
1⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2304 -ip 2304
1⤵
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2012 -ip 2012
1⤵
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2012 -ip 2012
1⤵
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4480 -ip 4480
1⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2856 -ip 2856
1⤵
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3604 -ip 3604
1⤵
PID:3112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2304 -ip 2304
1⤵
PID:224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2172 -ip 2172
1⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 776 -ip 776
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4980 -ip 4980
1⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4960 -ip 4960
1⤵
PID:1248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2172 -ip 2172
1⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4672 -ip 4672
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3168 -ip 3168
1⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4256 -ip 4256
1⤵
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3984 -ip 3984
1⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2524 -ip 2524
1⤵
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 776 -ip 776
1⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4404 -ip 4404
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1612 -ip 1612
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4256 -ip 4256
1⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4672 -ip 4672
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3984 -ip 3984
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1952 -ip 1952
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1296 -ip 1296
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 4980 -ip 4980
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4000 -ip 4000
1⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4128 -ip 4128
1⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4404 -ip 4404
1⤵
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 1324 -ip 1324
1⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4712 -ip 4712
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1612 -ip 1612
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1296 -ip 1296
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 1952 -ip 1952
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 2452 -ip 2452
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4000 -ip 4000
1⤵
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 1708 -ip 1708
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1324 -ip 1324
1⤵
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2012 -ip 2012
1⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2416 -ip 2416
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4128 -ip 4128
1⤵
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4712 -ip 4712
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 1836 -ip 1836
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 1468 -ip 1468
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2408 -ip 2408
1⤵
PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 1104 -ip 1104
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 4960 -ip 4960
1⤵
PID:1316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2732 -ip 2732
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3564 -ip 3564
1⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3896 -ip 3896
1⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 4948 -ip 4948
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 960 -ip 960
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2524 -ip 2524
1⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 2012 -ip 2012
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3168 -ip 3168
1⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 2452 -ip 2452
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1836 -ip 1836
1⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3788 -ip 3788
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4160 -ip 4160
1⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2732 -ip 2732
1⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 1468 -ip 1468
1⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 2408 -ip 2408
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3412 -ip 3412
1⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 1832 -ip 1832
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4384 -ip 4384
1⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5016 -ip 5016
1⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5092 -ip 5092
1⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 3472 -ip 3472
1⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 1104 -ip 1104
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3896 -ip 3896
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3564 -ip 3564
1⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 960 -ip 960
1⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 1656 -ip 1656
1⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4948 -ip 4948
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 3788 -ip 3788
1⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4160 -ip 4160
1⤵
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3412 -ip 3412
1⤵
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 1832 -ip 1832
1⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 4384 -ip 4384
1⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2692 -ip 2692
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 3472 -ip 3472
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5016 -ip 5016
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5092 -ip 5092
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5208 -ip 5208
1⤵
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2716 -ip 2716
1⤵
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 3436 -ip 3436
1⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 868 -ip 868
1⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5200 -ip 5200
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 1656 -ip 1656
1⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1204 -ip 1204
1⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2600 -ip 2600
1⤵
PID:1784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4860 -ip 4860
1⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 2472 -ip 2472
1⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 428 -ip 428
1⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 2552 -ip 2552
1⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 1496 -ip 1496
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4612 -ip 4612
1⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2728 -ip 2728
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4848 -ip 4848
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 4016 -ip 4016
1⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5124 -ip 5124
1⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5080 -ip 5080
1⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 1704 -ip 1704
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 2020 -ip 2020
1⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4216 -ip 4216
1⤵
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3228 -ip 3228
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1308 -ip 1308
1⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4828 -ip 4828
1⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5608 -ip 5608
1⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 1540 -ip 1540
1⤵
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5708 -ip 5708
1⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5564 -ip 5564
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5496 -ip 5496
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5208 -ip 5208
1⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6088 -ip 6088
1⤵
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 2692 -ip 2692
1⤵
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5800 -ip 5800
1⤵
PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6036 -ip 6036
1⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 1708 -ip 1708
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2716 -ip 2716
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 868 -ip 868
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 3436 -ip 3436
1⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5200 -ip 5200
1⤵
PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 1204 -ip 1204
1⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2600 -ip 2600
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 4860 -ip 4860
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 428 -ip 428
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 1496 -ip 1496
1⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5484 -ip 5484
1⤵
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 2552 -ip 2552
1⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 4612 -ip 4612
1⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2728 -ip 2728
1⤵
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5636 -ip 5636
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6020 -ip 6020
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 4848 -ip 4848
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 4016 -ip 4016
1⤵
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5888 -ip 5888
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 1704 -ip 1704
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5124 -ip 5124
1⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5080 -ip 5080
1⤵
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4216 -ip 4216
1⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5432 -ip 5432
1⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6140 -ip 6140
1⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 2020 -ip 2020
1⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 5924 -ip 5924
1⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5248 -ip 5248
1⤵
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5504 -ip 5504
1⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 1308 -ip 1308
1⤵
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 6012 -ip 6012
1⤵
PID:1128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5460 -ip 5460
1⤵
PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5520 -ip 5520
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5944 -ip 5944
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5308 -ip 5308
1⤵
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 5328 -ip 5328
1⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 3108 -ip 3108
1⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5980 -ip 5980
1⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4828 -ip 4828
1⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5396 -ip 5396
1⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5920 -ip 5920
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5720 -ip 5720
1⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5740 -ip 5740
1⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5896 -ip 5896
1⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5940 -ip 5940
1⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1508 -ip 1508
1⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1108 -p 5608 -ip 5608
1⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 1540 -ip 1540
1⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5708 -ip 5708
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 2416 -ip 2416
1⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6088 -ip 6088
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5912 -ip 5912
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5496 -ip 5496
1⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 996 -ip 996
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 5800 -ip 5800
1⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 6036 -ip 6036
1⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 6124 -ip 6124
1⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5548 -ip 5548
1⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 1812 -ip 1812
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 2232 -ip 2232
1⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5512 -ip 5512
1⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5848 -ip 5848
1⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5484 -ip 5484
1⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5900 -ip 5900
1⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5596 -ip 5596
1⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 5764 -ip 5764
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5636 -ip 5636
1⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 6020 -ip 6020
1⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5152 -ip 5152
1⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6204 -ip 6204
1⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5376 -ip 5376
1⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5888 -ip 5888
1⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6624 -ip 6624
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5792 -ip 5792
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5288 -ip 5288
1⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6752 -ip 6752
1⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 7008 -ip 7008
1⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 5424 -ip 5424
1⤵
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 1700 -ip 1700
1⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5984 -ip 5984
1⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 1788 -ip 1788
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7060 -ip 7060
1⤵
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7044 -ip 7044
1⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6424 -ip 6424
1⤵
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6348 -ip 6348
1⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 7032 -ip 7032
1⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 1664 -ip 1664
1⤵
PID:112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5136 -ip 5136
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5516 -ip 5516
1⤵
PID:2420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 4404 -ip 4404
1⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6384 -ip 6384
1⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5432 -ip 5432
1⤵
PID:60

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2260 -ip 2260
1⤵
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6440 -ip 6440
1⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5440 -ip 5440
1⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 3308 -ip 3308
1⤵
PID:264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 3476 -ip 3476
1⤵
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3284 -ip 3284
1⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 3556 -ip 3556
1⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 7016 -ip 7016
1⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6140 -ip 6140
1⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 5544 -ip 5544
1⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1164 -p 2460 -ip 2460
1⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 5692 -ip 5692
1⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 6408 -ip 6408
1⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1252 -p 4940 -ip 4940
1⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1264 -p 6792 -ip 6792
1⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 1316 -ip 1316
1⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1204 -p 5372 -ip 5372
1⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1272 -p 4352 -ip 4352
1⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 6796 -ip 6796
1⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2524 -ip 2524
1⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 6972 -ip 6972
1⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 4516 -ip 4516
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4100 -ip 4100
1⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4268 -ip 4268
1⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1208 -p 6280 -ip 6280
1⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 5284 -ip 5284
1⤵
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6468 -ip 6468
1⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3756 -ip 3756
1⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 1856 -ip 1856
1⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 7040 -ip 7040
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3984 -ip 3984
1⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1180 -p 4444 -ip 4444
1⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 3896 -ip 3896
1⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4456 -ip 4456
1⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1400 -p 3704 -ip 3704
1⤵
PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 684 -ip 684
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1420 -p 2932 -ip 2932
1⤵
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6904 -ip 6904
1⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6604 -ip 6604
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 6640 -ip 6640
1⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3232 -ip 3232
1⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1440 -p 4964 -ip 4964
1⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1452 -p 6868 -ip 6868
1⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1300 -p 3200 -ip 3200
1⤵
PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1480 -p 4620 -ip 4620
1⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1508 -p 6244 -ip 6244
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1528 -p 4948 -ip 4948
1⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1552 -p 6056 -ip 6056
1⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1560 -p 6828 -ip 6828
1⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1584 -p 6636 -ip 6636
1⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1604 -p 2984 -ip 2984
1⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1632 -p 2172 -ip 2172
1⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1484 -p 7156 -ip 7156
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1640 -p 1684 -ip 1684
1⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 3228 -ip 3228
1⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2472 -ip 2472
1⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 5564 -ip 5564
1⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 3308 -ip 3308
1⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1496 -p 1612 -ip 1612
1⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6212 -ip 6212
1⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1056 -p 5296 -ip 5296
1⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1872 -p 5136 -ip 5136
1⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1556 -p 6936 -ip 6936
1⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1496 -ip 1496
1⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1404 -p 6480 -ip 6480
1⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 3216 -ip 3216
1⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2624 -ip 2624
1⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1456 -p 4296 -ip 4296
1⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1636 -p 7128 -ip 7128
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1920 -p 3472 -ip 3472
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1948 -p 6932 -ip 6932
1⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1968 -p 3124 -ip 3124
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1528 -p 5224 -ip 5224
1⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5128 -ip 5128
1⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 3788 -ip 3788
1⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 6960 -ip 6960
1⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5984 -ip 5984
1⤵
PID:3664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe

Filesize
468KB

MD5
8f497905209d0af184b67f6d46965230

SHA1
e093f596f42ee2abe70611dbe8664c9e1e56cf51

SHA256
6ef9324c498b9561abaef8ea0707b239c9dd6222594d0694c0d927e2624cc9cf

SHA512
96f1aaf5b3489f60ac31c09d3957ce020726ae9142297525b3dc2bdc6f0955566e4c0d99eac8ea505fa887c107cb18d235b11cec034926c4e0937351f5d3eb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe

Filesize
468KB

MD5
27fb7cf9f1ec1a65db0cb2e9b37aaa11

SHA1
a5a2fa13e548a81e75354cf48774d11d32861be3

SHA256
ff08f4e2bd699b1d7cb6c8b42cc6929af5608f248108f56970b0f28776c205d0

SHA512
d91754ccb0abcc42474eb6ae3d47f101bf6f511980cbbdede98b30114818951d0b767f7b195f3b079e9e5a05a11a3fa098d7e34dfe1e71fe68f051cd03924e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe

Filesize
468KB

MD5
f7ef1e808c75a2a26c408db26772d774

SHA1
3f11af6d27849c637f76da86b7ad4403d7266901

SHA256
653b7a86e839710766c26c2452a3079209056681d113911a1966c467e5732188

SHA512
40ec0873103e72dc028d1a937e308760c38297bd27332a15341fc45d9d5fae71b3c45e167807df1e6dee241633550477676d490dbce9e40ed89baa0082a6a531

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe

Filesize
468KB

MD5
0a4cf45a06f1a5d5b85127dea2b179fb

SHA1
76ffa482d781633f79629ced8b7d2a92c0c59d57

SHA256
df4cc94cb9a8b23a6e38a7ff44ada405ffcf354bbc119a57bbc579a40f5a5c84

SHA512
1030b9baaf7d084da848cfa995c1a3a4ee46d7b1e816ec2ce71a27b077eed3478bbe5b513f1ba3223cb53d00fc4735135f789fea64074a3b5a8ade816d02c49f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe

Filesize
468KB

MD5
250fa3cee5ccf2ef930386857ed9dfc9

SHA1
3def4e285b332db67bcbe293ffe16e1613cb0009

SHA256
e61e2bb5a84f24f95a696f9d6b5ff16e84f9bc49cb4b24c05e81c4c009a5e70a

SHA512
44a90f87d1b283323486236710872e2b12801b8c93eceffeaf052b7c5d02b74c11261b6d093e7c9f26387eb050cf2e73fcdcae0c0c0e584138ae46d4d15edbbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe

Filesize
468KB

MD5
64c481e6c4e227039206613eb783b678

SHA1
df83201a171221b2cf87afc63ab9a529f085f64f

SHA256
83152e9517b5ee28c7222563c6576ba59d087e1cdf01d406f3b58e9beecffd3e

SHA512
bbb92cf3a025f584902c11ea328b8eb6e266075af0b53105667d01c9d82b375ee90962ae36d08d7643a2ef81ca345b75ffdb871cebd18b14c0607a468c0445c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe

Filesize
468KB

MD5
bc29eef77acc395caaa58b50d3fc897c

SHA1
7ecbf5226c811c6f0221770b93b99526fbf5b7c3

SHA256
aebb5d26b68ef997913270c9bd78368bdc11321f60263f87339cd690a334785d

SHA512
d53f9304200ef5bafa0faf8973a9fb94e074fc7f7168aafe43fac2c58ed5c3a6997a3c54fa76713fa63cf9bd9f900210c632cab3c74830d74d3ab4193521b50a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe

Filesize
468KB

MD5
dbaf47adfe0793513392d0ebfebd510b

SHA1
035d3270f9e20ee4e6609fcd17ff06512635a029

SHA256
3373e11dd920b542734033e2ca603f3a467aa3e5e0e3a8c05b007fe34e70afb9

SHA512
051543689ff77b62435728c3b42534bee20b2fa51de580ee3dce3696c47a10c3342621ef0438915f5811a5e323fb3194d9fba717c14dbb63d4b1ebb5bb740666

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe

Filesize
468KB

MD5
c99057d4b198be7eee693277982f6ee6

SHA1
c8157661b7806e7fba9b231d608a867b5b288c75

SHA256
e1328a307ec0523cea86c1aba650e3a4b3853357503af9a2710d52bbc7cf4a89

SHA512
c6111351a6687e8d3b2374a15bd2bb17e8190da2b61d0bd35858feb4f5e8f0cd97d04f9061d448ff6dc524e45593841eb6626de8857faee83314c78ae41c3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe

Filesize
468KB

MD5
5729b1bb106aa5bfd8547e509c991f7a

SHA1
9f6abd1ab58d01b8f157fe0692ad10bc273b2761

SHA256
0b6a9c2bd3242d9676d3221455b0fc322cd2212babf40c697f8114a8f0c5dcc6

SHA512
e1a2bb311dc642aae553d0804dc014599e5789bf958366850d05965ede22896cfe7aeba6a20dd30d273e404346b57fe99b66adea750c2569de5096b1b72322b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe

Filesize
468KB

MD5
b8e5640633d8d068961eaac06b3f24bc

SHA1
8212017198632d349b082f36f9f5cc1a40227a07

SHA256
5589b23872c05ad0fe0fc8a2d6292af7d023d0c2ddf6ed601615247638552cb4

SHA512
01953f2ba381aae9e9eec56d011e7c186e9d176014153465589633dfb234d0b56bcab252ba2961bb32bf5b4fcf673996e7909a99e2c67d860a38a941e76a746c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe

Filesize
468KB

MD5
5dd165b658a1605f268ab1b34c2945c5

SHA1
c31802855ea69223dc081c4fcf3dce5deb3c0eaf

SHA256
630ee5f6a7d83d802876c9d02beb425e6ff9a8a6dcadfe86dfdeb879ee95f9e9

SHA512
1d5f754701804c56fd78375bf85e18cbb6031d2fd70d9de333e17661a10c7d9bd9517535ee110718e3c786bceb89df80227aa689be23dccea38fdfbce0134a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe

Filesize
468KB

MD5
ebe067f31835d47fd57ff05577de80e4

SHA1
48617c7aac0de911d94014cce4d7ec782ec8a464

SHA256
8f510c123d3b6ec6dfe467ead708d87ab5b12a7fe17de27d9ff96a0d37b3a51b

SHA512
296d9eef77eec0f1173a4a553742e977d7aa6afb71f05ec19b1d9fdd8c6e9050ec88f1947418d90d7055958c110a78d9ebc13ca51b741af8e16649e0a4bf094a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe

Filesize
468KB

MD5
9850edd09f0baa752248778d2f724985

SHA1
76dbe523452b71d52a71ad3365821ed9329df611

SHA256
97e8eb52bab488ed2761cc56f2cb3cf20fa3c93fb84b7a7d2eeef49479a205df

SHA512
53276a20eecd47ca51ac2521dfe5346793aa225145694ece520d11b34fb5fc9e211ae9f5aa605874484a9c0c4ec40dc57fae79c03c36fc8b4375064234bdb59f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe

Filesize
468KB

MD5
0b09d44a9aa229b44f45cc7e31d881d6

SHA1
193d258c07c6dc0c1aa97dabeabbcfcd62abacad

SHA256
28e390fd667f91026386d0a0d48e15bd1654473703ae54715208c90c43226aa5

SHA512
b573eac163185aac26bb64019da5b8594a2ccfa0339fb2b9ae39222a70cda2bf06df6abc594ceb461c9948976e95517185e70c799c98cfed2263bf161f3ba51b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe

Filesize
468KB

MD5
729d60d6037aecadce733cc24cb8bf20

SHA1
506729f78e137d342646230131741b9d8ab78b54

SHA256
ddc7166e05c4e3487c4e2603b6121854a535a0297c59438e1bc408bb897b2a98

SHA512
1926d62658650e521810026df3b2d282c4df1e15dc0991c8750efc23ced46d6ce8d9d59c56585670f11ef11abc79ff998e919a2224b51471d48b6726947853ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe

Filesize
468KB

MD5
2d7aa4843a83ef87e2c0e90775a9ade2

SHA1
4aad11ae3d6b943f5031ffd9455514012ca2e6cd

SHA256
984ba06651707fb6c2fad2350639661c75a6614df38b51ef68dfc47837d5b48f

SHA512
7b81c5cecaae8d61fb7298d99872fbddd98bcc260d429f1f205a6d9c65644f661a89aa7df152fa3920bee760a49c6ab8ee7e20be22a3ed423009f64b4f650bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe

Filesize
468KB

MD5
4244d38f2dceed2d23a48b37d08cdff5

SHA1
8d2e2441b38715e4f6f0779a817354c10d9aab0b

SHA256
5e7c7ef5d0220e73f98fbf95e196151083024b7d09b6cd49d759386b4c94c7ca

SHA512
79b0e9fa7fa97df79359c8ce3cbe9aee5e86aa2e531acf17bd58687590db888878703b52ebcdf4b87c89014a4ab205ad5e4909f70f4fbc49539dc0718a122039

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe

Filesize
468KB

MD5
636b6a8a79122223b7c2c92f2b42d12c

SHA1
29812fef391bcd06915281a2e05e64b0beab0eb2

SHA256
eb9b9007be7f8ef4aeafd28c76138ec99c3008d96e33c65dd1b3947bf0d31f0b

SHA512
d35c2e30036f82ef6b99567035b6b397a6ba5ac4b6c995f282368d7f4c2ef17312e77f401f5180aec354a7324a9238bb2e9bdc803ac9bbe487468716794984d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe

Filesize
468KB

MD5
8c2454ae52cb018af0e4cb6da702c681

SHA1
8caea0513782f772d11583b596c55199f1719b0d

SHA256
ea77087f47f908465027540a6a5f829c228c7fbe49b735537f170be316a65b62

SHA512
f4e5bd65cc5f8dca41942c481fe1b1fa05ad60768711422d28408f6678f016f9ebd3590a4e7839f1cd5e9028790495054df78c06937e86a08a03bf6d2419fd63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe

Filesize
468KB

MD5
68feeb71fe460009a7e5625ec4f5b18c

SHA1
445864f08560478e2e3afe6ff8416c6888d34c0b

SHA256
4076fa1feeba91e738d420662a68dafeecd9841661b855f17b5b501ece1c790d

SHA512
7a9188558156ea3a35dd91e8fd03a90763d9c8f656a3093f99ae09784dd8a1ccfc305d4d5eb5b49fdfbb2fc087a8c1b67403d3b97b4792b2cf0663f483cfa904

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe

Filesize
468KB

MD5
ca99fed2306d2da74abed37f62eb450e

SHA1
7a0e1e1df7e981fb07e6b11fc49cad0079b01b21

SHA256
d0197b4986b214a48313a4ab92a27f7990a8b090c9fbdf32022234124af499c9

SHA512
825eb45fead906c2e158650e317eb7b7510ca3c32b50487861610a3e18874f6a4083b6cd685382c99814db2327000756e8a8f7a057e30cb45ea8b84ec927bb94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe

Filesize
468KB

MD5
2d8e44c600b1a8b807cf46f482706127

SHA1
9d0c478ae629105e70abc89d8ba7abea1192899d

SHA256
906bd1fe2ae9ff9e2983790d7bfa75e10576db4947389f0e4b7635a0e09f3933

SHA512
0131be94f3e0a1f34a975843619aee938dc0e9e4a17d6cfe20549a41c0abca57d3dee845273b40832a6e31673f01e5f2099618cfe9b3111621980aea3ffdc06e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe

Filesize
468KB

MD5
5883ef63206db4e9e6bf82d38e7fe540

SHA1
dfd57c062ea8e5f4382aa01fad9d858b8dd337ee

SHA256
b682dd36580f1f3fd9f69b074850a79d60cbd0f424170ff2dfcd0236e95f9476

SHA512
61e6106f43e8f72c36b538b46fbf416490dc093e45105a9451c23d3587b266c6986ed5c2ded5ae449fe2e6e02c2a9c5612a598e28be292f70ab7a0ca6c98a628

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe

Filesize
468KB

MD5
ba98cb28f36dff3a02ffe371855379ee

SHA1
d13eda2a7a5f13abf937767f0e09f66d1a2d2480

SHA256
be9815d40509fe97b3d632d2aaea861bc03b20a134756e64891cf86bfa8ae8fe

SHA512
5b3bbe6ef7cd56ba50ef9903748e961c8bd6b45cf9c1b6323a0332771571c37c1c11ac19270ba540e4a12e7dc289cc54a3fbec66ee7914837815e516e49dafb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe

Filesize
468KB

MD5
255cfaf25bb9fae6bff7052be131a057

SHA1
bf3811eba1f4b6302be718b70de9cfdea579cb8e

SHA256
98e965dde1a7e0e91989d5dbcdfb35853e6177a44a876ec762f49f25d6d775ae

SHA512
dfa1b8a64c706dd214fbf825b6ac391cac3c87fc9df8e72def5ddbe772054d41bb08591d4fed199394cc5694fda4f9fb551e1098f91dd052a465f5f851b5f230

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe

Filesize
468KB

MD5
e8cf19566bf7bd158bf58f3b3dec03fa

SHA1
4330d30b6c0e8d8eeba7c0f613d48101babeac47

SHA256
dfaf9fa50739c8f450091af9b4b21cf14a9c77f0a32c1a9c5136145f336bf5de

SHA512
7ba95d1444f3bf090aab12ac4c49c50ca13afbfbaeb1388cf7b73a1879656f3f06604ff838843b5aed81f2a48dbde84d9cacb239eb12c1c7c3f9a232cfc2d7eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe

Filesize
468KB

MD5
aa45867044a99d4ae0fef7e5ef884681

SHA1
0969a7c815dfb4de6a8bd470214c086bc4dd682d

SHA256
2b35abf06ca163b81d4307436404288cdb51871b634064818053f3fe91d75774

SHA512
e5545a8810a19eddde9f03bd133423ee8ae554b5165933d8158d1f1684dfe4438618f4a0340c4da118e2aac8a9a3684a2e0ccb57fbb06db1e9186e7036d58a89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe

Filesize
468KB

MD5
3b4905043f1930ceb62294cf1e66a9b6

SHA1
58f8379de9e527f31666b84048129db9bdfa0765

SHA256
89d6047a21fe166568173f6e1f96bbc7d3d26843e59a7eaa912aaf2b896de4dc

SHA512
60b5f631be7cf37cd40ef0c06a699a5c1aeeb16e14cf4af1d124619c0e80b4d4425fd756e0d042dc29656ac7634524c4f007cd738d30f6358c923256d3124d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe

Filesize
468KB

MD5
442036528bef1047009971d95a29667a

SHA1
dca98631a4bfc5fb2bc4c7de1a030dd08dbda70b

SHA256
7364175ad9efe482fff31fd0925e76ffa08a5c89e8c6f4afb38ecea0e3323098

SHA512
822eaa09365c838e8220883d896ce42d777ed8494fa14a1aebf0ea2a895d042cee8278bbec0036d742655a22e6644aaddfbd70e94b48b4118bd5621bdadd83e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9510.exe

Filesize
468KB

MD5
8c87370c55ec25aade4b2fe8688afb57

SHA1
d598f9f27c4917e35e4cf696c43db0a362342438

SHA256
615452471983fab7db43543024a67eb5a7d5179504c8cdbe2692e9269c36d6e5

SHA512
20cbda3a75b81ea77d7c69d49199db6a983761071aec910e58e8a1b7e1d62c5669132bb20306c5b5678fd3af72ccfe973930d058e37c5aebaa7750cd8717d546

Download Submit
memory/428-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/776-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/776-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/868-510-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/960-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1060-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1060-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1104-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1204-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1296-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1308-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1324-156-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1468-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1612-152-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1656-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1704-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1832-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1836-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1952-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2020-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2172-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2304-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2304-66-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2452-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2472-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2524-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2552-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2600-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2692-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2716-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2728-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-67-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3156-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3156-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3168-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3412-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3412-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3412-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3436-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3472-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3564-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3604-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3604-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3788-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3788-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3788-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3984-137-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4016-274-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4128-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4136-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4136-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4160-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4216-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4256-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4256-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4384-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4404-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4480-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4480-51-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4612-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4672-109-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4672-481-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4700-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4700-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4712-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4828-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4948-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4980-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5016-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5080-509-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5092-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5124-514-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5200-515-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5208-516-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-517-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5432-537-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5460-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5496-538-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5504-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5520-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5636-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5848-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6020-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download