bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
Size

184KB
MD5

33ef7cf0674222355d3927f4091ab855
SHA1

f57a07f65c57bc99a498869a142059d81b8799f0
SHA256

bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c
SHA512

2dcb856ec897a1b03fa3c6dad71166f73e72187b40046f213a0b656f7bc2284e6dc48b9d346fde7ffae7b91d7496b791d262f22cfc0a337845f9aeefce646a41
SSDEEP

3072:XVa/svoE3S8EwqYmeWnIq4PLIdlOAuttJGD2C59tUTvAlnkOF+:XVFoIJqYKI3PLIGcReAlnkOF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2348	Unicorn-14175.exe
3344	Unicorn-63968.exe
3204	Unicorn-11046.exe
4928	Unicorn-40646.exe
3488	Unicorn-60128.exe
5020	Unicorn-10738.exe
396	Unicorn-47168.exe
1464	Unicorn-10774.exe
4040	Unicorn-63603.exe
1072	Unicorn-28470.exe
3332	Unicorn-13826.exe
1728	Unicorn-64096.exe
3832	Unicorn-44231.exe
3052	Unicorn-11439.exe
2812	Unicorn-39513.exe
4676	Unicorn-63328.exe
1532	Unicorn-29888.exe
2472	Unicorn-46416.exe
3880	Unicorn-57962.exe
3536	Unicorn-62560.exe
4888	Unicorn-9638.exe
1544	Unicorn-63920.exe
3272	Unicorn-46323.exe
4136	Unicorn-26457.exe
2780	Unicorn-62083.exe
4500	Unicorn-10422.exe
3944	Unicorn-15680.exe
5104	Unicorn-62934.exe
2736	Unicorn-64688.exe
2436	Unicorn-32016.exe
4568	Unicorn-47091.exe
912	Unicorn-27225.exe
2844	Unicorn-28294.exe
1564	Unicorn-23878.exe
668	Unicorn-16259.exe
1456	Unicorn-50192.exe
876	Unicorn-13606.exe
2392	Unicorn-607.exe
2380	Unicorn-46087.exe
1448	Unicorn-415.exe
4724	Unicorn-50768.exe
2196	Unicorn-33782.exe
1216	Unicorn-36928.exe
5000	Unicorn-19331.exe
4496	Unicorn-49735.exe
2036	Unicorn-48474.exe
2544	Unicorn-20016.exe
4288	Unicorn-18947.exe
952	Unicorn-3679.exe
4920	Unicorn-3679.exe
3000	Unicorn-49159.exe
2936	Unicorn-49159.exe
3540	Unicorn-63840.exe
1244	Unicorn-46160.exe
856	Unicorn-29174.exe
208	Unicorn-49040.exe
3264	Unicorn-12454.exe
3736	Unicorn-48656.exe
1920	Unicorn-15407.exe
2848	Unicorn-64608.exe
2184	Unicorn-43481.exe
2508	Unicorn-28214.exe
4432	Unicorn-37904.exe
4016	Unicorn-49943.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3272	1360	WerFault.exe	82
4920	2348	WerFault.exe	86
5040	3204	WerFault.exe	88
312	4928	WerFault.exe	92
2312	3488	WerFault.exe	93
2104	5020	WerFault.exe	100
2180	396	WerFault.exe	101
5000	1464	WerFault.exe	102
3656	4040	WerFault.exe	106
2688	1072	WerFault.exe	107
4140	3332	WerFault.exe	108
3120	3832	WerFault.exe	110
2324	1728	WerFault.exe	109
4276	2196	WerFault.exe	161
1952	3052	WerFault.exe	117
4356	2812	WerFault.exe	118
1016	4676	WerFault.exe	119
628	1532	WerFault.exe	120
1944	3880	WerFault.exe	122
1728	2472	WerFault.exe	121
4400	3536	WerFault.exe	123
2532	1448	WerFault.exe	159
4372	4136	WerFault.exe	133
3996	3272	WerFault.exe	132
5052	2780	WerFault.exe	134
1016	4500	WerFault.exe	135
3368	5104	WerFault.exe	137
3564	2736	WerFault.exe	138
4356	3944	WerFault.exe	136
392	2436	WerFault.exe	139
5864	1564	WerFault.exe	153
5856	668	WerFault.exe	154
5912	1456	WerFault.exe	155
5964	4724	WerFault.exe	160
5988	3540	WerFault.exe	180
4200	2508	WerFault.exe	198
3964	2184	WerFault.exe	197
7132	5096	WerFault.exe	255
6628	4432	WerFault.exe	200
6364	3516	WerFault.exe	230
4044	5552	WerFault.exe	280
968	5292	WerFault.exe	271
7776	3924	WerFault.exe	327
7400	412	WerFault.exe	236
7872	6400	WerFault.exe	390
6936	6224	WerFault.exe	387
4968	6908	WerFault.exe	469
6692	5320	WerFault.exe	483
8136	6672	WerFault.exe	516
7332	7704	WerFault.exe	555
3508	5052	WerFault.exe	635
3616	7884	WerFault.exe	633
1584	3128	WerFault.exe	662
6760	3412	WerFault.exe	659
904	6088	WerFault.exe	647
2468	5892	WerFault.exe	649
5444	7132	WerFault.exe	735
2380	5452	WerFault.exe	641
1112	3700	WerFault.exe	699
2068	5916	WerFault.exe	646
2312	5532	WerFault.exe	676
2816	7064	WerFault.exe	739
2392	7268	WerFault.exe	747
4964	752	Process not Found	763

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3679.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1360	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
2348	Unicorn-14175.exe
3344	Unicorn-63968.exe
3204	Unicorn-11046.exe
4928	Unicorn-40646.exe
3488	Unicorn-60128.exe
5020	Unicorn-10738.exe
396	Unicorn-47168.exe
1464	Unicorn-10774.exe
4040	Unicorn-63603.exe
1072	Unicorn-28470.exe
3332	Unicorn-13826.exe
3832	Unicorn-44231.exe
1728	Unicorn-64096.exe
3052	Unicorn-11439.exe
2812	Unicorn-39513.exe
4676	Unicorn-63328.exe
1532	Unicorn-29888.exe
3880	Unicorn-57962.exe
2472	Unicorn-46416.exe
4888	Unicorn-9638.exe
3536	Unicorn-62560.exe
1544	Unicorn-63920.exe
3272	Unicorn-46323.exe
4136	Unicorn-26457.exe
2780	Unicorn-62083.exe
4500	Unicorn-10422.exe
3944	Unicorn-15680.exe
2736	Unicorn-64688.exe
5104	Unicorn-62934.exe
2436	Unicorn-32016.exe
2844	Unicorn-28294.exe
912	Unicorn-27225.exe
4568	Unicorn-47091.exe
1564	Unicorn-23878.exe
668	Unicorn-16259.exe
1456	Unicorn-50192.exe
876	Unicorn-13606.exe
2392	Unicorn-607.exe
2380	Unicorn-46087.exe
1448	Unicorn-415.exe
4724	Unicorn-50768.exe
2196	Unicorn-33782.exe
1216	Unicorn-36928.exe
4496	Unicorn-49735.exe
2036	Unicorn-48474.exe
2544	Unicorn-20016.exe
5000	Unicorn-19331.exe
952	Unicorn-3679.exe
4920	Unicorn-3679.exe
3000	Unicorn-49159.exe
4288	Unicorn-18947.exe
2936	Unicorn-49159.exe
3540	Unicorn-63840.exe
1244	Unicorn-46160.exe
856	Unicorn-29174.exe
208	Unicorn-49040.exe
3264	Unicorn-12454.exe
2848	Unicorn-64608.exe
3736	Unicorn-48656.exe
1920	Unicorn-15407.exe
2184	Unicorn-43481.exe
2508	Unicorn-28214.exe
4432	Unicorn-37904.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 2348	1360	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	86
PID 1360 wrote to memory of 2348	1360	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	86
PID 1360 wrote to memory of 2348	1360	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	86
PID 2348 wrote to memory of 3344	2348	Unicorn-14175.exe	87
PID 2348 wrote to memory of 3344	2348	Unicorn-14175.exe	87
PID 2348 wrote to memory of 3344	2348	Unicorn-14175.exe	87
PID 1360 wrote to memory of 3204	1360	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	88
PID 1360 wrote to memory of 3204	1360	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	88
PID 1360 wrote to memory of 3204	1360	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	88
PID 2348 wrote to memory of 4928	2348	Unicorn-14175.exe	92
PID 2348 wrote to memory of 4928	2348	Unicorn-14175.exe	92
PID 2348 wrote to memory of 4928	2348	Unicorn-14175.exe	92
PID 3204 wrote to memory of 3488	3204	Unicorn-11046.exe	93
PID 3204 wrote to memory of 3488	3204	Unicorn-11046.exe	93
PID 3204 wrote to memory of 3488	3204	Unicorn-11046.exe	93
PID 4928 wrote to memory of 5020	4928	Unicorn-40646.exe	100
PID 4928 wrote to memory of 5020	4928	Unicorn-40646.exe	100
PID 4928 wrote to memory of 5020	4928	Unicorn-40646.exe	100
PID 3488 wrote to memory of 396	3488	Unicorn-60128.exe	101
PID 3488 wrote to memory of 396	3488	Unicorn-60128.exe	101
PID 3488 wrote to memory of 396	3488	Unicorn-60128.exe	101
PID 3204 wrote to memory of 1464	3204	Unicorn-11046.exe	102
PID 3204 wrote to memory of 1464	3204	Unicorn-11046.exe	102
PID 3204 wrote to memory of 1464	3204	Unicorn-11046.exe	102
PID 5020 wrote to memory of 4040	5020	Unicorn-10738.exe	106
PID 5020 wrote to memory of 4040	5020	Unicorn-10738.exe	106
PID 5020 wrote to memory of 4040	5020	Unicorn-10738.exe	106
PID 4928 wrote to memory of 1072	4928	Unicorn-40646.exe	107
PID 4928 wrote to memory of 1072	4928	Unicorn-40646.exe	107
PID 4928 wrote to memory of 1072	4928	Unicorn-40646.exe	107
PID 396 wrote to memory of 3332	396	Unicorn-47168.exe	108
PID 396 wrote to memory of 3332	396	Unicorn-47168.exe	108
PID 396 wrote to memory of 3332	396	Unicorn-47168.exe	108
PID 1464 wrote to memory of 1728	1464	Unicorn-10774.exe	109
PID 1464 wrote to memory of 1728	1464	Unicorn-10774.exe	109
PID 1464 wrote to memory of 1728	1464	Unicorn-10774.exe	109
PID 3488 wrote to memory of 3832	3488	Unicorn-60128.exe	110
PID 3488 wrote to memory of 3832	3488	Unicorn-60128.exe	110
PID 3488 wrote to memory of 3832	3488	Unicorn-60128.exe	110
PID 4040 wrote to memory of 3052	4040	Unicorn-63603.exe	117
PID 4040 wrote to memory of 3052	4040	Unicorn-63603.exe	117
PID 4040 wrote to memory of 3052	4040	Unicorn-63603.exe	117
PID 5020 wrote to memory of 2812	5020	Unicorn-10738.exe	118
PID 5020 wrote to memory of 2812	5020	Unicorn-10738.exe	118
PID 5020 wrote to memory of 2812	5020	Unicorn-10738.exe	118
PID 1072 wrote to memory of 4676	1072	Unicorn-28470.exe	119
PID 1072 wrote to memory of 4676	1072	Unicorn-28470.exe	119
PID 1072 wrote to memory of 4676	1072	Unicorn-28470.exe	119
PID 3332 wrote to memory of 1532	3332	Unicorn-13826.exe	120
PID 3332 wrote to memory of 1532	3332	Unicorn-13826.exe	120
PID 3332 wrote to memory of 1532	3332	Unicorn-13826.exe	120
PID 3832 wrote to memory of 2472	3832	Unicorn-44231.exe	121
PID 3832 wrote to memory of 2472	3832	Unicorn-44231.exe	121
PID 3832 wrote to memory of 2472	3832	Unicorn-44231.exe	121
PID 396 wrote to memory of 3880	396	Unicorn-47168.exe	122
PID 396 wrote to memory of 3880	396	Unicorn-47168.exe	122
PID 396 wrote to memory of 3880	396	Unicorn-47168.exe	122
PID 1728 wrote to memory of 3536	1728	Unicorn-64096.exe	123
PID 1728 wrote to memory of 3536	1728	Unicorn-64096.exe	123
PID 1728 wrote to memory of 3536	1728	Unicorn-64096.exe	123
PID 1464 wrote to memory of 4888	1464	Unicorn-10774.exe	124
PID 1464 wrote to memory of 4888	1464	Unicorn-10774.exe	124
PID 1464 wrote to memory of 4888	1464	Unicorn-10774.exe	124
PID 3052 wrote to memory of 1544	3052	Unicorn-11439.exe	131

C:\Users\Admin\AppData\Local\Temp\bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
"C:\Users\Admin\AppData\Local\Temp\bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63603.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
        10⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
        11⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        12⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
        13⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        14⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        15⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9757.exe
        16⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        17⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        18⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 648
        15⤵
        Program crash
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        11⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
        12⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        13⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        14⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
        15⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9047.exe
        16⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        12⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        13⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        14⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        15⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
        16⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 648
        14⤵
        Program crash
        
        PID:1112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 724
        10⤵
        Program crash
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 752
        9⤵
        Program crash
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14518.exe
        10⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10959.exe
        11⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        12⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
        13⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        14⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        15⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        16⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        17⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        11⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 656
        11⤵
        Program crash
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 752
        8⤵
        Program crash
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 752
        7⤵
        Program crash
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51075.exe
        10⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        11⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        12⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        13⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        14⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        15⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
        16⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        17⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
        18⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        10⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        11⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        12⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        13⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        14⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
        15⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        16⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39747.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        11⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        12⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        13⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
        14⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
        15⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        16⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        17⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61479.exe
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
        11⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        12⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        13⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
        14⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        15⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        16⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
        17⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        18⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 640
        9⤵
        Program crash
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 724
        8⤵
        Program crash
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        9⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        10⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        11⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        12⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        13⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        14⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        15⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        16⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
        17⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 604
        13⤵
        Program crash
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
        9⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44291.exe
        10⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        11⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        12⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        13⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        14⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        15⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 616
        10⤵
        Program crash
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        9⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        10⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        11⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        12⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
        13⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        14⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        15⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe
        16⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        17⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 764
        7⤵
        Program crash
        
        PID:4372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 716
        6⤵
        Program crash
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49824.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
        10⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
        11⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
        12⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        13⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        14⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        15⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        16⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        17⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
        18⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
        19⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 644
        16⤵
        Program crash
        
        PID:2392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 612
        15⤵
        Program crash
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 644
        14⤵
        Program crash
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        11⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        12⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        13⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        14⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        15⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        16⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        9⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8911.exe
        10⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        10⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10959.exe
        10⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        11⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        12⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
        13⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        14⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
        15⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        16⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 740
        12⤵
        Program crash
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 740
        8⤵
        Program crash
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29174.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8911.exe
        10⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        11⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
        12⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        13⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
        14⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        9⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        10⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        11⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        12⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 736
        12⤵
        Program crash
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        10⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        11⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        12⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        13⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        14⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        15⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        16⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 752
        7⤵
        Program crash
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        9⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        10⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        11⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        12⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        13⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        14⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        15⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
        16⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
        9⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        10⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        11⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        12⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        13⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        14⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        15⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        16⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        9⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        10⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        11⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        12⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
        13⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        14⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        15⤵
        
        PID:4688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 720
        6⤵
        Program crash
        
        PID:4356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 744
        5⤵
        Program crash
        
        PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15407.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        10⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        11⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44291.exe
        12⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        13⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
        14⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
        10⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        11⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        12⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
        13⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        9⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        10⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28832.exe
        11⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        10⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        11⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43481.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
        10⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        11⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 664
        9⤵
        Program crash
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 652
        8⤵
        Program crash
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 768
        7⤵
        Program crash
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
        7⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        8⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        9⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
        10⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        11⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        12⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        13⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        14⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
        15⤵
        
        PID:2464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 744
        6⤵
        Program crash
        
        PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 724
        7⤵
        Program crash
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        9⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45443.exe
        10⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 724
        7⤵
        Program crash
        
        PID:4200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 728
        6⤵
        Program crash
        
        PID:1016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 712
        5⤵
        Program crash
        
        PID:2688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 720
      4⤵
      Program crash
      PID:312
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 756
    3⤵
    - Program crash
    PID:4920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
        9⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55299.exe
        11⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
        12⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        13⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
        14⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
        15⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        16⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        17⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        18⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe
        19⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        15⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        16⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        17⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 660
        16⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        11⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        12⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        13⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25518.exe
        14⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        15⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
        16⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        17⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35792.exe
        9⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        10⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        11⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        12⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
        13⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        14⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        15⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 732
        13⤵
        Program crash
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 636
        12⤵
        Program crash
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 652
        10⤵
        Program crash
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 716
        8⤵
        Program crash
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49735.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41376.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        10⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
        11⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        12⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        13⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        14⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        15⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        16⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1040.exe
        17⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        17⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        18⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
        11⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        12⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        13⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        14⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
        15⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        16⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
        10⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        11⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 736
        7⤵
        Program crash
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        11⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
        12⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        13⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        14⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
        15⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
        16⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        17⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        18⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        10⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        11⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
        12⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        12⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
        13⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15492.exe
        14⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
        15⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41110.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        10⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        11⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        12⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        13⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        14⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        15⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        16⤵
        
        PID:6420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 716
        6⤵
        Program crash
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37904.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        11⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        12⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        13⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        14⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        15⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        16⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        17⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        10⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        11⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        12⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        13⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
        14⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
        15⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        11⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        12⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        13⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        14⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        15⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
        16⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 636
        10⤵
        Program crash
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 720
        9⤵
        Program crash
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39264.exe
        9⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        10⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        11⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
        12⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        13⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 612
        14⤵
        Program crash
        
        PID:2816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 724
        13⤵
        Program crash
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 736
        8⤵
        Program crash
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        10⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        11⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        12⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        13⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 736
        7⤵
        Program crash
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 488
        7⤵
        Program crash
        
        PID:4276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 764
        6⤵
        Program crash
        
        PID:1944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 708
        5⤵
        Program crash
        
        PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        9⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        10⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        11⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-112.exe
        12⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        13⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        14⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        15⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
        16⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 716
        7⤵
        Program crash
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        10⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        11⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
        13⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        14⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        15⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        7⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        9⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        10⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25776.exe
        11⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        12⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        13⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        14⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        15⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        16⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        10⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        11⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        12⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        13⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        14⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        15⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 708
        11⤵
        Program crash
        
        PID:3616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 740
        6⤵
        Program crash
        
        PID:1728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 740
        5⤵
        Program crash
        
        PID:3120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 744
      4⤵
      Program crash
      PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        9⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
        11⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        12⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        13⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        14⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        15⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        16⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        17⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
        18⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 664
        10⤵
        Program crash
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        10⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
        11⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
        12⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        13⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        14⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
        15⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41110.exe
        8⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        10⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        12⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        13⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        14⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        15⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        16⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
        8⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
        10⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        11⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        12⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        13⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        14⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        15⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        16⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
        17⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        9⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        10⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        11⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        12⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 712
        7⤵
        Program crash
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        10⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
        11⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        12⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47336.exe
        13⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        14⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        15⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        16⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        10⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        11⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
        12⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
        13⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        14⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        15⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        16⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        9⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        10⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        11⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
        12⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18193.exe
        13⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        14⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        15⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        16⤵
        
        PID:1084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 720
        6⤵
        Program crash
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        10⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        11⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        12⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        13⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 624
        13⤵
        Program crash
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        8⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
        9⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        10⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
        11⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        12⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        12⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        13⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        14⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        15⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
        16⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 724
        13⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7286.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45232.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        9⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        10⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        11⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        12⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 608
        12⤵
        Program crash
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        9⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
        10⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        11⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 660
        11⤵
        Program crash
        
        PID:1584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 760
        5⤵
        Program crash
        
        PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        9⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
        10⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        11⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
        12⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        13⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        14⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        15⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        16⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
        17⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        11⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        12⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
        13⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        14⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
        15⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60675.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        9⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60736.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        11⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
        12⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27822.exe
        13⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        14⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
        15⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        10⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
        11⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        12⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        13⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
        6⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31825.exe
        10⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
        12⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        13⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        14⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 696
        11⤵
        Program crash
        
        PID:5444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 740
      4⤵
      Program crash
      PID:5000
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 728
    3⤵
    - Program crash
    PID:5040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 716
  2⤵
  - Program crash
  PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1360 -ip 1360
1⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2348 -ip 2348
1⤵
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3204 -ip 3204
1⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4928 -ip 4928
1⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3488 -ip 3488
1⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5020 -ip 5020
1⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 396 -ip 396
1⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1464 -ip 1464
1⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4040 -ip 4040
1⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1072 -ip 1072
1⤵
PID:212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3332 -ip 3332
1⤵
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3832 -ip 3832
1⤵
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1728 -ip 1728
1⤵
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2196 -ip 2196
1⤵
PID:1832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3052 -ip 3052
1⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2812 -ip 2812
1⤵
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4676 -ip 4676
1⤵
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1532 -ip 1532
1⤵
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3880 -ip 3880
1⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2472 -ip 2472
1⤵
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3536 -ip 3536
1⤵
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4888 -ip 4888
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1448 -ip 1448
1⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3272 -ip 3272
1⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4136 -ip 4136
1⤵
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2780 -ip 2780
1⤵
PID:820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4500 -ip 4500
1⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5104 -ip 5104
1⤵
PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2736 -ip 2736
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3944 -ip 3944
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 912 -ip 912
1⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2844 -ip 2844
1⤵
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2436 -ip 2436
1⤵
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4568 -ip 4568
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 1564 -ip 1564
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 668 -ip 668
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1456 -ip 1456
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4724 -ip 4724
1⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2392 -ip 2392
1⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5000 -ip 5000
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4496 -ip 4496
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 1216 -ip 1216
1⤵
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2036 -ip 2036
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3000 -ip 3000
1⤵
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4920 -ip 4920
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 876 -ip 876
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2380 -ip 2380
1⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 2936 -ip 2936
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2544 -ip 2544
1⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4288 -ip 4288
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 3540 -ip 3540
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 952 -ip 952
1⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 1244 -ip 1244
1⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 856 -ip 856
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 208 -ip 208
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3736 -ip 3736
1⤵
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2508 -ip 2508
1⤵
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 2184 -ip 2184
1⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 212 -ip 212
1⤵
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4016 -ip 4016
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3532 -ip 3532
1⤵
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 1624 -ip 1624
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4140 -ip 4140
1⤵
PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1532 -ip 1532
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1920 -ip 1920
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5096 -ip 5096
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4648 -ip 4648
1⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 3516 -ip 3516
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 4432 -ip 4432
1⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3264 -ip 3264
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2064 -ip 2064
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2640 -ip 2640
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 348 -ip 348
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 2888 -ip 2888
1⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4044 -ip 4044
1⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3876 -ip 3876
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2468 -ip 2468
1⤵
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5072 -ip 5072
1⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 4136 -ip 4136
1⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5188 -ip 5188
1⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5220 -ip 5220
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5240 -ip 5240
1⤵
PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5316 -ip 5316
1⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5248 -ip 5248
1⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5368 -ip 5368
1⤵
PID:1324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4832 -ip 4832
1⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5636 -ip 5636
1⤵
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5784 -ip 5784
1⤵
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5232 -ip 5232
1⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5292 -ip 5292
1⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5484 -ip 5484
1⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5256 -ip 5256
1⤵
PID:1336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4908 -ip 4908
1⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5552 -ip 5552
1⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5196 -ip 5196
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4460 -ip 4460
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4416 -ip 4416
1⤵
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5700 -ip 5700
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 6008 -ip 6008
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4500 -ip 4500
1⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 3616 -ip 3616
1⤵
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5360 -ip 5360
1⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5804 -ip 5804
1⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6000 -ip 6000
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2180 -ip 2180
1⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4404 -ip 4404
1⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2408 -ip 2408
1⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4160 -ip 4160
1⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4868 -ip 4868
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5748 -ip 5748
1⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4720 -ip 4720
1⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 412 -ip 412
1⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5716 -ip 5716
1⤵
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3924 -ip 3924
1⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5980 -ip 5980
1⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 920 -ip 920
1⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 1584 -ip 1584
1⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 696 -ip 696
1⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4484 -ip 4484
1⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 912 -ip 912
1⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 1984 -ip 1984
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6096 -ip 6096
1⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 4548 -ip 4548
1⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2988 -ip 2988
1⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5812 -ip 5812
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1112 -ip 1112
1⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5448 -ip 5448
1⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 3332 -ip 3332
1⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 1444 -ip 1444
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5176 -ip 5176
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4904 -ip 4904
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5772 -ip 5772
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6036 -ip 6036
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5268 -ip 5268
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4212 -ip 4212
1⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5600 -ip 5600
1⤵
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5376 -ip 5376
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5324 -ip 5324
1⤵
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5444 -ip 5444
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5284 -ip 5284
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6108 -ip 6108
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5996 -ip 5996
1⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5504 -ip 5504
1⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5036 -ip 5036
1⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1216 -ip 1216
1⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 3780 -ip 3780
1⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1304 -ip 1304
1⤵
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 4988 -ip 4988
1⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5468 -ip 5468
1⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1152 -ip 1152
1⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 3204 -ip 3204
1⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6056 -ip 6056
1⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5960 -ip 5960
1⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5860 -ip 5860
1⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3140 -ip 3140
1⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5572 -ip 5572
1⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4040 -ip 4040
1⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5304 -ip 5304
1⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1952 -ip 1952
1⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5944 -ip 5944
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2760 -ip 2760
1⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4496 -ip 4496
1⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6020 -ip 6020
1⤵
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 5780 -ip 5780
1⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5940 -ip 5940
1⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 5768 -ip 5768
1⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3000 -ip 3000
1⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5920 -ip 5920
1⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4288 -ip 4288
1⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1760 -ip 1760
1⤵
PID:112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4872 -ip 4872
1⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6400 -ip 6400
1⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6512 -ip 6512
1⤵
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6416 -ip 6416
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 1096 -ip 1096
1⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 6708 -ip 6708
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 3252 -ip 3252
1⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7004 -ip 7004
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6960 -ip 6960
1⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6736 -ip 6736
1⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6700 -ip 6700
1⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5264 -ip 5264
1⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 6972 -ip 6972
1⤵
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5692 -ip 5692
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 832 -ip 832
1⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5856 -ip 5856
1⤵
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5060 -ip 5060
1⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 384 -ip 384
1⤵
PID:2504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6968 -ip 6968
1⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6912 -ip 6912
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 7144 -ip 7144
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6340 -ip 6340
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 7040 -ip 7040
1⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7120 -ip 7120
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4800 -ip 4800
1⤵
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6692 -ip 6692
1⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3668 -ip 3668
1⤵
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 7116 -ip 7116
1⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5276 -ip 5276
1⤵
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 208 -ip 208
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2328 -ip 2328
1⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3880 -ip 3880
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5124 -ip 5124
1⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 3056 -ip 3056
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2752 -ip 2752
1⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5740 -ip 5740
1⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7024 -ip 7024
1⤵
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 7084 -ip 7084
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2068 -ip 2068
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2412 -ip 2412
1⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6408 -ip 6408
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 7092 -ip 7092
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5456 -ip 5456
1⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 1164 -ip 1164
1⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 6368 -ip 6368
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6224 -ip 6224
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6252 -ip 6252
1⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5852 -ip 5852
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6244 -ip 6244
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 3264 -ip 3264
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2648 -ip 2648
1⤵
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 6956 -ip 6956
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6908 -ip 6908
1⤵
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6904 -ip 6904
1⤵
PID:620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5320 -ip 5320
1⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 1532 -ip 1532
1⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6008 -ip 6008
1⤵
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 3744 -ip 3744
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2592 -ip 2592
1⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7488 -ip 7488
1⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 2688 -ip 2688
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 1448 -ip 1448
1⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7592 -ip 7592
1⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3664 -ip 3664
1⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4832 -ip 4832
1⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5924 -ip 5924
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1076 -ip 1076
1⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 1300 -ip 1300
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3348 -ip 3348
1⤵
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 1852 -ip 1852
1⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7848 -ip 7848
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5672 -ip 5672
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5640 -ip 5640
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 7136 -ip 7136
1⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5872 -ip 5872
1⤵
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7696 -ip 7696
1⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 2864 -ip 2864
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 7752 -ip 7752
1⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1592 -ip 1592
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 7544 -ip 7544
1⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 4092 -ip 4092
1⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5344 -ip 5344
1⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4536 -ip 4536
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1452 -ip 1452
1⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4412 -ip 4412
1⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5928 -ip 5928
1⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6332 -ip 6332
1⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 7528 -ip 7528
1⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1808 -ip 1808
1⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7180 -ip 7180
1⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 4848 -ip 4848
1⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5396 -ip 5396
1⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5660 -ip 5660
1⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7512 -ip 7512
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6660 -ip 6660
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4648 -ip 4648
1⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6896 -ip 6896
1⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 2468 -ip 2468
1⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5440 -ip 5440
1⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 7460 -ip 7460
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7496 -ip 7496
1⤵
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 4432 -ip 4432
1⤵
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5096 -ip 5096
1⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5372 -ip 5372
1⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6672 -ip 6672
1⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7644 -ip 7644
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6984 -ip 6984
1⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5484 -ip 5484
1⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6484 -ip 6484
1⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6732 -ip 6732
1⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 7652 -ip 7652
1⤵
PID:1076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 1236 -ip 1236
1⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 2244 -ip 2244
1⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7704 -ip 7704
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7976 -ip 7976
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2392 -ip 2392
1⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1984 -ip 1984
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5052 -ip 5052
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4200 -ip 4200
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 6540 -ip 6540
1⤵
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 8032 -ip 8032
1⤵
PID:560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5424 -ip 5424
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 7884 -ip 7884
1⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3128 -ip 3128
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3412 -ip 3412
1⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6088 -ip 6088
1⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 1016 -ip 1016
1⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 3656 -ip 3656
1⤵
PID:212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 1444 -ip 1444
1⤵
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3304 -ip 3304
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5520 -ip 5520
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 7880 -ip 7880
1⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4404 -ip 4404
1⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 2248 -ip 2248
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5512 -ip 5512
1⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7960 -ip 7960
1⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 7924 -ip 7924
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 6016 -ip 6016
1⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5940 -ip 5940
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1012 -ip 1012
1⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3488 -ip 3488
1⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 3820 -ip 3820
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7032 -ip 7032
1⤵
PID:776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 6012 -ip 6012
1⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7380 -ip 7380
1⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2508 -ip 2508
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2768 -ip 2768
1⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5892 -ip 5892
1⤵
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 392 -ip 392
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6548 -ip 6548
1⤵
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4196 -ip 4196
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5540 -ip 5540
1⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5880 -ip 5880
1⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 908 -ip 908
1⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7172 -ip 7172
1⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6420 -ip 6420
1⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5532 -ip 5532
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6560 -ip 6560
1⤵
PID:396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5916 -ip 5916
1⤵
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5452 -ip 5452
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 3700 -ip 3700
1⤵
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1168 -ip 1168
1⤵
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7812 -ip 7812
1⤵
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7920 -ip 7920
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6648 -ip 6648
1⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 7192 -ip 7192
1⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 7132 -ip 7132
1⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5224 -ip 5224
1⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 1888 -ip 1888
1⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 7064 -ip 7064
1⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7356 -ip 7356
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6616 -ip 6616
1⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7360 -ip 7360
1⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5692 -ip 5692
1⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 7468 -ip 7468
1⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7268 -ip 7268
1⤵
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 6148 -ip 6148
1⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5684 -ip 5684
1⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 8088 -ip 8088
1⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6212 -ip 6212
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5172 -ip 5172
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6244 -ip 6244
1⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5812 -ip 5812
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 7096 -ip 7096
1⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5264 -ip 5264
1⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2388 -ip 2388
1⤵
PID:112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2504 -ip 2504
1⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6320 -ip 6320
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 6960 -ip 6960
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6156 -ip 6156
1⤵
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5592 -ip 5592
1⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6600 -ip 6600
1⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6032 -ip 6032
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2936 -ip 2936
1⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7288 -ip 7288
1⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5456 -ip 5456
1⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 752 -ip 752
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 8040 -ip 8040
1⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5932 -ip 5932
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 7576 -ip 7576
1⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 7368 -ip 7368
1⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 8004 -ip 8004
1⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6640 -ip 6640
1⤵
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 7024 -ip 7024
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7604 -ip 7604
1⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 2412 -ip 2412
1⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2612 -ip 2612
1⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 5156 -ip 5156
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6240 -ip 6240
1⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 3732 -ip 3732
1⤵
PID:7804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe

Filesize
184KB

MD5
aec27db824d4df7fede9d4e107490860

SHA1
79c540508c49b8a0522c49e065ae6df357f82aad

SHA256
74c0715f5d39cbf7253ccfca8b04f92a9d1b41c80b9f61044111c7a47624753a

SHA512
fb200a03f6d097be0ceb2e241148817ac91dbf7e68a158e607d818bae756377904b725cd50808ded343c4e41608ff1eff6380101c659f8dfa70750a5df431ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe

Filesize
184KB

MD5
a199c2467939352b77d3d64ef54aee1f

SHA1
34401bf13b3545d91514a2597a1a3ac58da936d1

SHA256
47047066162e03562e592c34f664afb7865dd72fb541a828145edfb9c4ab2313

SHA512
eed4802a819af12e4139ebc46b761be8cc009f0854c207f8f1221a4bfea2e0af1d82bbfbda10eb3e4ee10df78ae5cba44dc4ff17fd36f2132b2d63dd70921d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe

Filesize
184KB

MD5
1264d24ee128fa21b799d51c27620e98

SHA1
6ed6bdaba9420717b1f476221bc09a7d5761e63a

SHA256
dc401669c57eb1cc530ff9e70c9df287365bee5d2eafacdce0f70c05a82ef0a6

SHA512
77093037bfcde0dce855310f3fae5d09af11f0c5d0703bff2eed4a73f5af65e86e49d986eaeabcf9e3ce78cc3eb8463a73fcddc3bd7c8138ee56b6ae51ceab97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe

Filesize
184KB

MD5
b16ac9cb947c98efe1b8ff6e5e5da3ca

SHA1
90a8e2b3db821f69281437aaa25fb8e10d5e2f9e

SHA256
839c1b2cb02d4e35c298657bcbfea9d4bb1e61d516754988ddce83547b52de57

SHA512
b0d329997933aa8e0d8564e1eab0a446e6a3510ad497b91511b2092a958688d5df68b694788695fbe52edac0d069ff7c665de3129315a9b0c751cfc40a8e5c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe

Filesize
184KB

MD5
6689f396660106f67e61363e7d57ed64

SHA1
b84a13084b401fa37235714e382b5a237ca3e504

SHA256
e83a184f3dd546e21d28994da639ecff093b29dc6ce936839aae7e75911fd9dc

SHA512
ac8c70e60b71fea8c6cf91c4f7d317385ee3b58ff9f40472f77fd4172bd52473dca07fdd04fba13a341cae3555e2912e60e3631b9848a76e75fe4b90c57acea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe

Filesize
184KB

MD5
46446419c8a2cf3ed9fed9589596356d

SHA1
e04dea6172210e9e26570c099b19691a04d267bd

SHA256
c7af4f78bd37d78b0b769fe720f0177ab8c42b9628c903e74c312f8732151087

SHA512
b9d7d9690eb6740744eac1b803283e7b5ccacab9c150fc2deb8d1264b868a0d38728b90ab41ce7315475ce1d7a335d1887e6baee65dfd0b3751fd368159a1472

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13826.exe

Filesize
184KB

MD5
482d368ce6884c6122b9ec7e32ef2eff

SHA1
2a134dafbf211d13b3e214c5c2495a76874444cc

SHA256
864e748b4fec9ea94b1300172f454a97281d8b44a1a2425a3baf581f19ce468d

SHA512
63b326758a86479924df42d85968cfa40e82e3807bbc6cbde4437607281f1da8e8cc9f311e68c469c408dd9b9512295c4c0a8e41bb0be5228dbd4faeda98797e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14175.exe

Filesize
184KB

MD5
b165fad4bb5ea37153dae74fa8ce3421

SHA1
d968c011542d3b87ce6936b7a4783e9b4c1f74e6

SHA256
2e77854e9a4b4319ab042ac128f28e70830c5766faf80327bea18be1be95f24c

SHA512
39c09891fc9d74aced220906ddacf9c298d10d27a8a1163e70102a0585a9e748bd845bc8b098d31d1995d0524695a032faefaa6a7f7067281a29b66de8ddca5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe

Filesize
184KB

MD5
161c68ae424d8b841235d8eace532ffd

SHA1
372cdb32fcfa29aa7199c289ffbd5c1f3b18f40c

SHA256
c29afc9f136f2609bc9afe4ed6654bf7cc5a4f7e4772de99849ee4c2db0df39c

SHA512
c716a44d38bcdc18fed55530a26f6466896b6b6c1db235a43de6fcc915b0e63525d89ab744a78a3aa244b3cba64de8877d4c78f1e3b6a7f4709b29b53f6c5684

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe

Filesize
184KB

MD5
a1c0f3fc8184d7b38fcd141a828a2c2c

SHA1
c0d9b7ada0bf734924a5932c3e9c7b23e1350308

SHA256
5160c74d574edb556f18789bf09b22b837db111b7779186b6084f5516eb8dfaa

SHA512
ae3e4f7c74b7ef4a0c012e9e88ee24d559f64c7d46ae3d57089b5b1ceef2e4558cc446414426fafab4055f5b700cdee4f2d5b29c2c988c93b2262175c7ba2c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe

Filesize
184KB

MD5
68cd521f3b8c3d91d44591970c000b55

SHA1
9258f1ef4110972b1c8490922d1d1bafea3a8128

SHA256
dffc6febbedf33a79d29a6f003d0b2faba757f7d70c1a06926c56a916a5511e1

SHA512
95d42efe500a8cca13cb6739c62cdf9ec429d0d9f3d8d8bdf153aac82093f69573ef9e37b213499b066fc9e2a2986f033365ccc633668294e2976ed2ad7aba09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe

Filesize
184KB

MD5
dda915a8bc92069d5334d5275b684f41

SHA1
be4b847c06b2d43803e11fbed24817d553621058

SHA256
1158618a37d95d5bb1fa0a2f8f521e15917b92613cb6ed0a218f96d6670ca645

SHA512
787120e89d13f0c63d2a6f7231aabdff85754a9befe1cc09bee4e41fc9c5a0fcca065ae9cba2497acb0c8f1e0e90f04cf1c8f90306a0e0ae8adcdc9983d11ced

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe

Filesize
184KB

MD5
1b7a60dd3d1c118cb73808f8a88c642c

SHA1
831980902f12be1dc8894157c2b8b0a0e771f6d7

SHA256
c583dd4696410343a2281187fd663c91fd0affa0c845bf0d0a26e2e6acf0ed01

SHA512
1d6acb7425576fd35a6a07c1fe5ef1c1b8649a6239adf3579afedddfa45f156e0b6b6b2d3e227537fdff758cc8aad71d2779d72301c2579b74c018b1c121712c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe

Filesize
184KB

MD5
eec5c2f943778845ae7c4ac68c66afb0

SHA1
22d9d8718cfca0c9acbd4cd5f5a0b637553c62d4

SHA256
b03a5efe2728f9aee2f69e4f5b7e99c24c46c33cc9c9c83158b131722739f7c7

SHA512
e890a4595d7932ff68a51105ecedfa6cc7352b1a5b373204f38fcac1b9e9d0e71a064ffb419cf4bd82020acda509b2705578c427698c713963f1754d8d6a04ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe

Filesize
184KB

MD5
adf0c2dcebbbfa084883788396f313bb

SHA1
301ed34ecd1494b0ded5470b24f9c9e6c0d71212

SHA256
65191b8399a5054de932cfb86cedc06a24bca8f59fccecb09ebf6d808628cbcd

SHA512
dc344f5b52deb7c776e8b0b958bd6c2c5a5653980f3cd5b2456524e38ca3c21ee7802bc9679d7997ea3e9c35e58cc506fe24423c8ae9aac13878056ed2b951a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe

Filesize
184KB

MD5
786a4a32f37032f3edd719a6769f5321

SHA1
fc7cc27bb47ac53cfd771a1fa44a484eb4bb4a7f

SHA256
774c25a49244c50ac51c9186732cbaef1b20f0d350394ba5dea0330e1ed92bc1

SHA512
47720489b3498f8f4f0492ca0086edaa3dfbce8fb097b1470c3ce824b43856fb03be7b86b883a54be5458980daca0fe71a6c2c52446093b22fd8f7abe68c5799

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe

Filesize
184KB

MD5
68c2959bd016c2497ce67cc0fe5c201c

SHA1
69f0ca5bac67611a7f749730e6823cce935a5af3

SHA256
7c24606d0fc88ff178fd2ff2fcd556623d975bcc96fa4f69e60ee9950f66c904

SHA512
0c24be8fe8286dca35f46759ab4ab83211d0085f7bc7c33b4daadf4073b3b6a79ee27366369c816794e91c73d984144752570f4cb8373fcc60428d39f38be290

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe

Filesize
184KB

MD5
4d4a11d77f90ebfd02f3f2f10f9c8688

SHA1
1275a127ffe79ca95f18ef30b1d63f3dea991d14

SHA256
ae5400a20d5b840f36c96fea75d86222ac1230f631402db2ce7744615d2dd0e5

SHA512
3c3ddab3132e6bbce0657ed629f79fcf2845ea745dace48715512ce63c9376b29344ef4dfddb3fde3a8bd13869073f9da4e2cd0e22f20dc43a6de72a593592a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe

Filesize
184KB

MD5
c0b3c5e425ae83087a9ba3f5b884f6ec

SHA1
cb28f26e29e6ac8d32fb0b1e8fc3854caacb910e

SHA256
1b3753db41eba14e45f6d2f1631d22188f0afef3c20c34fd97e1cb37726a9d69

SHA512
4d1f9bde288c4f1764cad36ae68027f5227eea7b731a74f582b9b9cf3feca6d39efc0d7cfdedf37e28fe5e4e1a5bef6df3c0fc63dbb080717bf1def417597d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe

Filesize
184KB

MD5
6313537533aab5ecbb89141d97eca7bb

SHA1
a8a926ed081c23be9a3e07a99ab1addb91f2f2dd

SHA256
17b0a859668e4270c5e3f9d78f11d5e81dc87031ec176d4aba306b2c1ef8a697

SHA512
b9642b389d4ad833801e47f3bd38aa74b4fe2be24df0ca96b628aa273f67a20a6c0da7870c6f2d5657afd7c41826c05b3dc66a4391d78f5651492d2474baa723

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe

Filesize
184KB

MD5
6c952bd36511e80c3a2cfcc88cf0f861

SHA1
391dd300b75ee91390aaf9421d80acedec8eaa3f

SHA256
1a297aed196a78aef9e2546e6efca9faa12cf4813821aa8c8c8ffb4b9ca54725

SHA512
52beb78aab9e62fc3a0cb13e01171448c341927ace399d4ad9fd9a7d147f6cba9464c240813bdc9f3a277ed8163389b380f1fb911463ff0f761d70e04089b6f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe

Filesize
184KB

MD5
eef69181e70339c15758c02005bd19ef

SHA1
24ad4405a4609e260044746508812aaa4723710e

SHA256
ff5e663a13652ea0aaaceb00a290b03ee4ce8538fe5eb71d2ce7f3f1651ad1ab

SHA512
3811b0064d83f9f725e3e15e555507ed025f00e3fe06e73807b873b4f4eb36d5eff4af8ca534bfc1a96be765491b3446e85d37c3599ce06c1a9b1adfecfb75de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe

Filesize
184KB

MD5
3720044287c762d7ca1796e7bb395924

SHA1
2fe3dc4abe2796f5fff8a055d36d7c7ecd5e489c

SHA256
f5843784b7b36b1aa80ee4b002dbd3b197b39ade0eccbfbd5739a1706a2a3d01

SHA512
3591cb35aaf39bbc28255fccc9416718c2501469b239544a7e5d87561065b5aa343293916cead962c001dad277c15495735eb20e06c730bf2c53ac22316ff0a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe

Filesize
184KB

MD5
d69db6d029eed71916bc84e48abd0c5a

SHA1
6976a246ac0b778b8718865486af9273fe575218

SHA256
6334139b467a71d6947a41a3ca6fdf32b453f09e1b21ca39e61bd6e2ce224ef2

SHA512
8450dd624819a51a9e47f4dea8eba0e6766d934fe95088866361e49ba38682bf9d89b3a057625a62165689dcd2cab685f88ddca07a2c3b40bc3b7df456ebf6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe

Filesize
184KB

MD5
5264e13449a453ff5ba0b12d19c44822

SHA1
775bf252857fcdcaed52f7e75caf29d9f8ee0441

SHA256
125db2d560a1283012c2d5ef46114c5bc61a3cb305d42f3b6b4834b3f2419386

SHA512
e9e8d777d06eb9725e8e6dbb01539db369e82a41bfd577b0c3668078666bb9ff6e1656bd4181476482ec6e452614239c7e8491d37477d657b74e8c836b58decf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe

Filesize
184KB

MD5
c6eaa043fdc907113b2ab385243ab0d2

SHA1
a7c71878bf4df8fa324bc711c2d632348d584201

SHA256
255082023e42874500792b363b3a0f0023c2b00deceecbac23b58e60e9be375d

SHA512
5be03b48029dfa74f7beed70d5d67e1546c3288aeb35f9a2e06d843fe2a728ba531e60daf7e6e832e424f8f4d7e40d0ca5a39575f8dc5577a6bea4477e596ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe

Filesize
184KB

MD5
100679fd0da3be88c91a46a5739e59fa

SHA1
a6f3386be1e2967f6c6e6f1002eb1720046a5816

SHA256
aee0a53611273313d60481fbe9cf034ad9f546ca0c5bb9cd16549c2360b30107

SHA512
a006499a06d2db7f7e9a6df7dff41624cca41a1c096ff056f12a89da130d8c145717faecfddf617aa22c0fe8042d554c6abb3e2630a65516e8195c6f91933911

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe

Filesize
184KB

MD5
a8fa7efd1282e422de9e6b10ec5d5415

SHA1
e3de6fb22fbb5cefc279c9c447ab0f0d332e2dba

SHA256
2f33879cac8e1bd8439a0e9ce4f96a2c072984ac9088c6cca9d40cfd7ed9d76b

SHA512
c1bf0f82d7ae220bb8c12f4aa9707c21993fb5dbf4c610c0d834eec47e87e2da46b8e08b520eb4e782df5f71a7e0c667723e36e7886baad9a989a4b4bf62cb46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62934.exe

Filesize
184KB

MD5
c3629c5413221982d8db81f5467090bb

SHA1
494fd5d8d858a7929f2b96ad16c24e5e43e8811b

SHA256
4f670caf00b929209974266c1984472f1acacffc570ddf90a9227ea2bdf36d4a

SHA512
9fb3d1ec7f3720af5ec09a99fddfc88c8f71a6d5d288c572d05e5403c8423b1cc0743e548b44c9d5e312c7fa928ce0e2682b903a9d6f50d5ecd5e8c42ccc89d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe

Filesize
184KB

MD5
9174ca1e40af301433773fca18be7b34

SHA1
a11ec03d084f3632887b6733388adc136030ffc4

SHA256
6e5445bb9655849a53baf7b33c169cc886465eb7c0f8460df4a4f7723e60f219

SHA512
4a42df2b4ae92f7cce1a533a09feccbdd5f08affaac29e74b88c2705940889c529f1cac181b96c68c3ef9a420b2ac3f332a6a68d7375c12376b17e0588ac0f83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63603.exe

Filesize
184KB

MD5
052a52f3972af267dc230b29ccb87482

SHA1
705cf2ede29ede96a0b0f3384ac5fa408cca5892

SHA256
d5427e32fd41cfbc530cec69d07c434927f53836f00fb1e232e96ef163d8efa7

SHA512
90b474109ad06d25b4caa4eeda7ba1e59a30d829bf61aaac00581c10421271e226740ddfb8202b16ea6b75cc3bc29413df305a7fc87a52d33552369003acd560

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe

Filesize
184KB

MD5
dbf13ef04351c3373ccf0e962fb19682

SHA1
968bd357ec8c633ad68389cfb5dab830b6b5017d

SHA256
3e19c557ae100de5e6d66b197b0a065b92d4d9a517f26bd498a85b0317eaa9c5

SHA512
3e761d072754bd9d7bfc23d3245cda9bbd534d3722ace77360675b1f6416067c6c39ca0d3f54dec99313d8bf56fa9a672a858548982940ec62b4e3d2319a0edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe

Filesize
184KB

MD5
7a2aacadc97a6e41d38e88e4cd46ce74

SHA1
2b485e3bf2de22991d91a432c64d41a0aac7b08d

SHA256
a3039bc0163e099da290a6400ab1b573b8ec9bbec6be66e7627c50994b9cc73d

SHA512
00ed5ada56aefdedb309b163cdbb4bf784725ba25a68db78ebd613dfd24a2ac517fe318266540f7435f4d77f1f3712d68dafc631625211476a9d453bdd05f75c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe

Filesize
184KB

MD5
7f60319608f68c191742a0eb337bb48c

SHA1
73228696eaa0ff1b1b3ee3aa62ea3a5c87544b39

SHA256
ff2832b07b72db9b53402d9c2a90453fa77f3cff5ed7cd471fc2c0c8696e4314

SHA512
0ddc21e8d5c8da7a18494234d600bc8825c3363192717e3fabb03573a10010c45f155fe331138185c90054e9338d169b5d3f8d7c985020565840501fda3adc08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe

Filesize
184KB

MD5
5a4a2068edb7066740f68a791c9e355f

SHA1
babe5771a00bec052a3787cae624f09f30155189

SHA256
6b08c1535199457a4fa9882b23fa837d672a6cc09cbf80172bcef468b9e20425

SHA512
9b82f73ffa0624a0d6bf9fe95ac40c16240723b251e0f43179d9ef57305333b7eb0bff66a5b0d9da8dcf0e649b94f9ee023d9baf9997bd8673ffbe2a33b28874

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe

Filesize
184KB

MD5
05f76c7bb06d9fd885f39a6f3e288e8e

SHA1
3f7d4e67ea83d21532f7a23e3f462860f5877a6b

SHA256
82b4e7e22e569d4e8183c5ed632c1afa3c57f3afb57fd743aeb211e99f9c423e

SHA512
05d0a9ed6e427d42384f13d255928cfa9e1faaf6c4f74a438b5d1180941bcb9b05aa269e824cb819a277821789184a8657034c63061827cf9e0c7fc90152f80a

Download Submit