898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8

Analysis

max time kernel
152s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
Size

184KB
MD5

19ff13b0582f63b5cf351636f4c83545
SHA1

271eaa2801055ab3625456d766b4f270bbb773a3
SHA256

898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8
SHA512

933e009d611a5e8fc6fb518ce6e20c12e03888ac0b328fde5bdf62ca531f0d6fec8a502280b67177b421d65fb9352a1f0203a57a49f40f7f48ba0f1985216fe5
SSDEEP

3072:y8SA6goJxnUsdtfoe1LOBZJSIBYGzol1s+nJKO5eUskYulnV8FmnT:y8Xo0YtfVOTJSI4jnIvulnV8Fm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-19660.exeUnicorn-4296.exeUnicorn-43836.exeUnicorn-49317.exeUnicorn-12067.exeUnicorn-13527.exeUnicorn-24828.exeUnicorn-52425.exeUnicorn-36327.exeUnicorn-38809.exeUnicorn-16175.exeUnicorn-57082.exeUnicorn-61109.exeUnicorn-15167.exeUnicorn-13688.exeUnicorn-24772.exeUnicorn-50423.exeUnicorn-58155.exeUnicorn-18203.exeUnicorn-52423.exeUnicorn-20272.exeUnicorn-40138.exeUnicorn-30422.exeUnicorn-15128.exeUnicorn-18134.exeUnicorn-34994.exeUnicorn-56089.exeUnicorn-10417.exeUnicorn-59094.exeUnicorn-30449.exeUnicorn-8583.exeUnicorn-8583.exeUnicorn-49881.exeUnicorn-23347.exeUnicorn-38695.exeUnicorn-11995.exeUnicorn-57694.exeUnicorn-57052.exeUnicorn-53459.exeUnicorn-43812.exeUnicorn-47839.exeUnicorn-36096.exeUnicorn-40123.exeUnicorn-35048.exeUnicorn-35048.exeUnicorn-34503.exeUnicorn-36027.exeUnicorn-65383.exeUnicorn-27359.exeUnicorn-62196.exeUnicorn-42330.exeUnicorn-39126.exeUnicorn-24979.exeUnicorn-35030.exeUnicorn-44222.exeUnicorn-24979.exeUnicorn-52414.exeUnicorn-64865.exeUnicorn-57606.exeUnicorn-53941.exeUnicorn-13528.exeUnicorn-62187.exeUnicorn-62187.exeUnicorn-22323.exe

pid	process
3500	Unicorn-19660.exe
3396	Unicorn-4296.exe
2980	Unicorn-43836.exe
1584	Unicorn-49317.exe
1968	Unicorn-12067.exe
3912	Unicorn-13527.exe
3244	Unicorn-24828.exe
4040	Unicorn-52425.exe
3004	Unicorn-36327.exe
888	Unicorn-38809.exe
4940	Unicorn-16175.exe
5008	Unicorn-57082.exe
3340	Unicorn-61109.exe
760	Unicorn-15167.exe
2052	Unicorn-13688.exe
2920	Unicorn-24772.exe
4932	Unicorn-50423.exe
3672	Unicorn-58155.exe
2208	Unicorn-18203.exe
3712	Unicorn-52423.exe
2024	Unicorn-20272.exe
4712	Unicorn-40138.exe
4468	Unicorn-30422.exe
4388	Unicorn-15128.exe
1516	Unicorn-18134.exe
4300	Unicorn-34994.exe
4720	Unicorn-56089.exe
2440	Unicorn-10417.exe
1640	Unicorn-59094.exe
2860	Unicorn-30449.exe
4644	Unicorn-8583.exe
4564	Unicorn-8583.exe
4352	Unicorn-49881.exe
2020	Unicorn-23347.exe
2072	Unicorn-38695.exe
5076	Unicorn-11995.exe
1496	Unicorn-57694.exe
2992	Unicorn-57052.exe
2400	Unicorn-53459.exe
5072	Unicorn-43812.exe
1588	Unicorn-47839.exe
688	Unicorn-36096.exe
2168	Unicorn-40123.exe
3084	Unicorn-35048.exe
716	Unicorn-35048.exe
1664	Unicorn-34503.exe
1500	Unicorn-36027.exe
2232	Unicorn-65383.exe
2916	Unicorn-27359.exe
2188	Unicorn-62196.exe
1528	Unicorn-42330.exe
5260	Unicorn-39126.exe
5288	Unicorn-24979.exe
5320	Unicorn-35030.exe
5272	Unicorn-44222.exe
5296	Unicorn-24979.exe
5460	Unicorn-52414.exe
5504	Unicorn-64865.exe
5524	Unicorn-57606.exe
5592	Unicorn-53941.exe
5636	Unicorn-13528.exe
5672	Unicorn-62187.exe
5680	Unicorn-62187.exe
5748	Unicorn-22323.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1192	4296	WerFault.exe	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
4844	3500	WerFault.exe	Unicorn-19660.exe
5044	3396	WerFault.exe	Unicorn-4296.exe
2436	2980	WerFault.exe	Unicorn-43836.exe
1996	1584	WerFault.exe	Unicorn-49317.exe
3500	1968	WerFault.exe	Unicorn-12067.exe
456	3912	WerFault.exe	Unicorn-13527.exe
572	3244	WerFault.exe	Unicorn-24828.exe
4672	888	WerFault.exe	Unicorn-38809.exe
4308	4040	WerFault.exe	Unicorn-52425.exe
1664	4940	WerFault.exe	Unicorn-16175.exe
4820	5008	WerFault.exe	Unicorn-57082.exe
776	3340	WerFault.exe	Unicorn-61109.exe
5348	760	WerFault.exe	Unicorn-15167.exe
5252	2052	WerFault.exe	Unicorn-13688.exe
6000	2024	WerFault.exe	Unicorn-20272.exe
5164	3672	WerFault.exe	Unicorn-58155.exe
4932	4712	WerFault.exe	Unicorn-40138.exe
5248	4564	WerFault.exe	Unicorn-8583.exe
4980	4352	WerFault.exe	Unicorn-49881.exe
2764	5076	WerFault.exe	Unicorn-11995.exe
1912	2168	WerFault.exe	Unicorn-40123.exe
2500	688	WerFault.exe	Unicorn-36096.exe
6072	5072	WerFault.exe	Unicorn-43812.exe
5476	1588	WerFault.exe	Unicorn-47839.exe
5900	688	WerFault.exe	Unicorn-36096.exe
644	2232	WerFault.exe	Unicorn-65383.exe
2764	5636	WerFault.exe	Unicorn-13528.exe
2240	6096	WerFault.exe	Unicorn-20700.exe
1928	5680	WerFault.exe	Unicorn-62187.exe
5932	832	WerFault.exe	Unicorn-39656.exe
5372	5356	WerFault.exe	Unicorn-22658.exe
5236	760	WerFault.exe	Unicorn-44186.exe
5336	2664	WerFault.exe	Unicorn-22305.exe
5420	6064	WerFault.exe	Unicorn-39192.exe
3380	1420	WerFault.exe	Unicorn-32057.exe
5228	692	WerFault.exe	Unicorn-38530.exe
4400	5752	WerFault.exe	Unicorn-12028.exe
5124	5612	WerFault.exe	Unicorn-2719.exe
6076	5548	WerFault.exe	Unicorn-32036.exe
380	5768	WerFault.exe	Unicorn-38680.exe
2568	5688	WerFault.exe	Unicorn-53525.exe
5204	1476	WerFault.exe	Unicorn-39033.exe
456	5820	WerFault.exe	Unicorn-56076.exe
5588	5760	WerFault.exe	Unicorn-29266.exe
1768	5556	WerFault.exe	Unicorn-59259.exe
5184	2624	WerFault.exe	Unicorn-12893.exe
6076	5948	WerFault.exe	Unicorn-44357.exe
4540	2916	WerFault.exe	Unicorn-47186.exe
5276	3712	WerFault.exe	Unicorn-57217.exe
5560	2872	WerFault.exe	Unicorn-58223.exe
5392	5304	WerFault.exe	Unicorn-3707.exe
1788	4820	WerFault.exe	Unicorn-25712.exe
1476	5044	WerFault.exe	Unicorn-44123.exe
5356	5400	WerFault.exe	Unicorn-42084.exe
5344	864	WerFault.exe	Unicorn-30838.exe
3500	6044	WerFault.exe	Unicorn-6980.exe
5212	2568	WerFault.exe	Unicorn-42084.exe
6424	5320	WerFault.exe	Unicorn-55402.exe
6500	1596	WerFault.exe	Unicorn-54781.exe
6684	5368	WerFault.exe	Unicorn-4971.exe
2304	3548	WerFault.exe	Unicorn-4971.exe
6448	4296	WerFault.exe	Unicorn-5525.exe
2472	5456	WerFault.exe	Unicorn-43054.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exeUnicorn-19660.exeUnicorn-4296.exeUnicorn-43836.exeUnicorn-49317.exeUnicorn-12067.exeUnicorn-13527.exeUnicorn-24828.exeUnicorn-52425.exeUnicorn-38809.exeUnicorn-36327.exeUnicorn-16175.exeUnicorn-57082.exeUnicorn-61109.exeUnicorn-15167.exeUnicorn-13688.exeUnicorn-50423.exeUnicorn-24772.exeUnicorn-18203.exeUnicorn-58155.exeUnicorn-52423.exeUnicorn-20272.exeUnicorn-40138.exeUnicorn-30422.exeUnicorn-15128.exeUnicorn-18134.exeUnicorn-34994.exeUnicorn-30449.exeUnicorn-8583.exeUnicorn-59094.exeUnicorn-56089.exeUnicorn-10417.exeUnicorn-8583.exeUnicorn-49881.exeUnicorn-23347.exeUnicorn-38695.exeUnicorn-11995.exeUnicorn-57694.exeUnicorn-57052.exeUnicorn-47839.exeUnicorn-53459.exeUnicorn-43812.exeUnicorn-36096.exeUnicorn-35048.exeUnicorn-40123.exeUnicorn-35048.exeUnicorn-65383.exeUnicorn-42330.exeUnicorn-36027.exeUnicorn-34503.exeUnicorn-27359.exeUnicorn-62196.exeUnicorn-24979.exeUnicorn-35030.exeUnicorn-24979.exeUnicorn-39126.exeUnicorn-44222.exeUnicorn-52414.exeUnicorn-57606.exeUnicorn-64865.exeUnicorn-53941.exeUnicorn-13528.exeUnicorn-62187.exeUnicorn-22323.exe

pid	process
4296	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
3500	Unicorn-19660.exe
3396	Unicorn-4296.exe
2980	Unicorn-43836.exe
1584	Unicorn-49317.exe
1968	Unicorn-12067.exe
3912	Unicorn-13527.exe
3244	Unicorn-24828.exe
4040	Unicorn-52425.exe
888	Unicorn-38809.exe
3004	Unicorn-36327.exe
4940	Unicorn-16175.exe
5008	Unicorn-57082.exe
3340	Unicorn-61109.exe
760	Unicorn-15167.exe
2052	Unicorn-13688.exe
4932	Unicorn-50423.exe
2920	Unicorn-24772.exe
2208	Unicorn-18203.exe
3672	Unicorn-58155.exe
3712	Unicorn-52423.exe
2024	Unicorn-20272.exe
4712	Unicorn-40138.exe
4468	Unicorn-30422.exe
4388	Unicorn-15128.exe
1516	Unicorn-18134.exe
4300	Unicorn-34994.exe
2860	Unicorn-30449.exe
4644	Unicorn-8583.exe
1640	Unicorn-59094.exe
4720	Unicorn-56089.exe
2440	Unicorn-10417.exe
4564	Unicorn-8583.exe
4352	Unicorn-49881.exe
2020	Unicorn-23347.exe
2072	Unicorn-38695.exe
5076	Unicorn-11995.exe
1496	Unicorn-57694.exe
2992	Unicorn-57052.exe
1588	Unicorn-47839.exe
2400	Unicorn-53459.exe
5072	Unicorn-43812.exe
688	Unicorn-36096.exe
3084	Unicorn-35048.exe
2168	Unicorn-40123.exe
716	Unicorn-35048.exe
2232	Unicorn-65383.exe
1528	Unicorn-42330.exe
1500	Unicorn-36027.exe
1664	Unicorn-34503.exe
2916	Unicorn-27359.exe
2188	Unicorn-62196.exe
5296	Unicorn-24979.exe
5320	Unicorn-35030.exe
5288	Unicorn-24979.exe
5260	Unicorn-39126.exe
5272	Unicorn-44222.exe
5460	Unicorn-52414.exe
5524	Unicorn-57606.exe
5504	Unicorn-64865.exe
5592	Unicorn-53941.exe
5636	Unicorn-13528.exe
5672	Unicorn-62187.exe
5748	Unicorn-22323.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 4296 wrote to memory of 3500	4296	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-19660.exe
PID 4296 wrote to memory of 3500	4296	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-19660.exe
PID 4296 wrote to memory of 3500	4296	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-19660.exe
PID 3500 wrote to memory of 3396	3500	Unicorn-19660.exe	Unicorn-4296.exe
PID 3500 wrote to memory of 3396	3500	Unicorn-19660.exe	Unicorn-4296.exe
PID 3500 wrote to memory of 3396	3500	Unicorn-19660.exe	Unicorn-4296.exe
PID 4296 wrote to memory of 2980	4296	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-43836.exe
PID 4296 wrote to memory of 2980	4296	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-43836.exe
PID 4296 wrote to memory of 2980	4296	898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe	Unicorn-43836.exe
PID 3396 wrote to memory of 1584	3396	Unicorn-4296.exe	Unicorn-49317.exe
PID 3396 wrote to memory of 1584	3396	Unicorn-4296.exe	Unicorn-49317.exe
PID 3396 wrote to memory of 1584	3396	Unicorn-4296.exe	Unicorn-49317.exe
PID 3500 wrote to memory of 1968	3500	Unicorn-19660.exe	Unicorn-12067.exe
PID 3500 wrote to memory of 1968	3500	Unicorn-19660.exe	Unicorn-12067.exe
PID 3500 wrote to memory of 1968	3500	Unicorn-19660.exe	Unicorn-12067.exe
PID 2980 wrote to memory of 3912	2980	Unicorn-43836.exe	Unicorn-13527.exe
PID 2980 wrote to memory of 3912	2980	Unicorn-43836.exe	Unicorn-13527.exe
PID 2980 wrote to memory of 3912	2980	Unicorn-43836.exe	Unicorn-13527.exe
PID 1584 wrote to memory of 3244	1584	Unicorn-49317.exe	Unicorn-24828.exe
PID 1584 wrote to memory of 3244	1584	Unicorn-49317.exe	Unicorn-24828.exe
PID 1584 wrote to memory of 3244	1584	Unicorn-49317.exe	Unicorn-24828.exe
PID 1968 wrote to memory of 4040	1968	Unicorn-12067.exe	Unicorn-52425.exe
PID 1968 wrote to memory of 4040	1968	Unicorn-12067.exe	Unicorn-52425.exe
PID 1968 wrote to memory of 4040	1968	Unicorn-12067.exe	Unicorn-52425.exe
PID 3396 wrote to memory of 3004	3396	Unicorn-4296.exe	Unicorn-36327.exe
PID 3396 wrote to memory of 3004	3396	Unicorn-4296.exe	Unicorn-36327.exe
PID 3396 wrote to memory of 3004	3396	Unicorn-4296.exe	Unicorn-36327.exe
PID 3912 wrote to memory of 888	3912	Unicorn-13527.exe	Unicorn-38809.exe
PID 3912 wrote to memory of 888	3912	Unicorn-13527.exe	Unicorn-38809.exe
PID 3912 wrote to memory of 888	3912	Unicorn-13527.exe	Unicorn-38809.exe
PID 2980 wrote to memory of 4940	2980	Unicorn-43836.exe	Unicorn-16175.exe
PID 2980 wrote to memory of 4940	2980	Unicorn-43836.exe	Unicorn-16175.exe
PID 2980 wrote to memory of 4940	2980	Unicorn-43836.exe	Unicorn-16175.exe
PID 3244 wrote to memory of 5008	3244	Unicorn-24828.exe	Unicorn-57082.exe
PID 3244 wrote to memory of 5008	3244	Unicorn-24828.exe	Unicorn-57082.exe
PID 3244 wrote to memory of 5008	3244	Unicorn-24828.exe	Unicorn-57082.exe
PID 4040 wrote to memory of 3340	4040	Unicorn-52425.exe	Unicorn-61109.exe
PID 4040 wrote to memory of 3340	4040	Unicorn-52425.exe	Unicorn-61109.exe
PID 4040 wrote to memory of 3340	4040	Unicorn-52425.exe	Unicorn-61109.exe
PID 1968 wrote to memory of 760	1968	Unicorn-12067.exe	Unicorn-15167.exe
PID 1968 wrote to memory of 760	1968	Unicorn-12067.exe	Unicorn-15167.exe
PID 1968 wrote to memory of 760	1968	Unicorn-12067.exe	Unicorn-15167.exe
PID 1584 wrote to memory of 2052	1584	Unicorn-49317.exe	Unicorn-13688.exe
PID 1584 wrote to memory of 2052	1584	Unicorn-49317.exe	Unicorn-13688.exe
PID 1584 wrote to memory of 2052	1584	Unicorn-49317.exe	Unicorn-13688.exe
PID 888 wrote to memory of 2920	888	Unicorn-38809.exe	Unicorn-24772.exe
PID 888 wrote to memory of 2920	888	Unicorn-38809.exe	Unicorn-24772.exe
PID 888 wrote to memory of 2920	888	Unicorn-38809.exe	Unicorn-24772.exe
PID 3004 wrote to memory of 4932	3004	Unicorn-36327.exe	Unicorn-50423.exe
PID 3004 wrote to memory of 4932	3004	Unicorn-36327.exe	Unicorn-50423.exe
PID 3004 wrote to memory of 4932	3004	Unicorn-36327.exe	Unicorn-50423.exe
PID 3912 wrote to memory of 3672	3912	Unicorn-13527.exe	Unicorn-58155.exe
PID 3912 wrote to memory of 3672	3912	Unicorn-13527.exe	Unicorn-58155.exe
PID 3912 wrote to memory of 3672	3912	Unicorn-13527.exe	Unicorn-58155.exe
PID 4940 wrote to memory of 2208	4940	Unicorn-16175.exe	Unicorn-18203.exe
PID 4940 wrote to memory of 2208	4940	Unicorn-16175.exe	Unicorn-18203.exe
PID 4940 wrote to memory of 2208	4940	Unicorn-16175.exe	Unicorn-18203.exe
PID 5008 wrote to memory of 3712	5008	Unicorn-57082.exe	Unicorn-52423.exe
PID 5008 wrote to memory of 3712	5008	Unicorn-57082.exe	Unicorn-52423.exe
PID 5008 wrote to memory of 3712	5008	Unicorn-57082.exe	Unicorn-52423.exe
PID 3244 wrote to memory of 2024	3244	Unicorn-24828.exe	Unicorn-20272.exe
PID 3244 wrote to memory of 2024	3244	Unicorn-24828.exe	Unicorn-20272.exe
PID 3244 wrote to memory of 2024	3244	Unicorn-24828.exe	Unicorn-20272.exe
PID 3340 wrote to memory of 4712	3340	Unicorn-61109.exe	Unicorn-40138.exe

C:\Users\Admin\AppData\Local\Temp\898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe
"C:\Users\Admin\AppData\Local\Temp\898de1240aabe4de6608caa654f2c31695e41c7644c01715b5d32985f1d031b8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-49317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49317.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
11⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
12⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
13⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
14⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
15⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
16⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
17⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
18⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
19⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
20⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
21⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
22⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
23⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
24⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 656
22⤵
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-30916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30916.exe
19⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
20⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
21⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
22⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
23⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-60161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60161.exe
14⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
15⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
16⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
17⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
18⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
19⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
20⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-49031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49031.exe
21⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
22⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
23⤵
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 652
19⤵
- Program crash
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
18⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
19⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
20⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
21⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 652
17⤵
- Program crash
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 648
16⤵
- Program crash
PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 636
13⤵
- Program crash
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 736
9⤵
- Program crash
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
9⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
11⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-32057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32057.exe
12⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
13⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
14⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
15⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
16⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
17⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
18⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
19⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
20⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
21⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
22⤵
PID:736

C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
23⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
18⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
19⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
20⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
21⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
22⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 752
20⤵
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 716
13⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-62196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62196.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 724
7⤵
- Program crash
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
9⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
10⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
11⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
12⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-34970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34970.exe
13⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
14⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-64376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64376.exe
15⤵
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 624
12⤵
- Program crash
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 664
10⤵
- Program crash
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 664
8⤵
- Program crash
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
8⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
11⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
12⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
13⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
14⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
15⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
16⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
17⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
18⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
19⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
20⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
21⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 740
15⤵
- Program crash
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 748
7⤵
- Program crash
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 752
6⤵
- Program crash
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-53941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53941.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
9⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
10⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-26904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26904.exe
11⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
12⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
13⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
14⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
15⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
16⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
17⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
18⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
19⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
20⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
21⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 644
19⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 652
17⤵
- Program crash
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
16⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
17⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
18⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
19⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
20⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 600
18⤵
- Program crash
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 716
11⤵
- Program crash
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 740
8⤵
- Program crash
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 660
6⤵
- Program crash
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 656
5⤵
- Program crash
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
9⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
10⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
11⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
12⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
13⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
14⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
15⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
16⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
17⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
18⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
19⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
20⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
21⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
22⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
17⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
18⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-58220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58220.exe
19⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
20⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
21⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
22⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 740
17⤵
- Program crash
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
8⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
9⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
10⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-49324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49324.exe
11⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe
12⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
13⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
14⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
15⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
16⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
17⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
18⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
19⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
20⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 664
16⤵
- Program crash
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 752
15⤵
- Program crash
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-23775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23775.exe
8⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38530.exe
10⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
11⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
12⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
13⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
14⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
15⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
16⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
17⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-23452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23452.exe
18⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
19⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
20⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
21⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 636
16⤵
- Program crash
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 696
12⤵
- Program crash
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 652
11⤵
- Program crash
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
7⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
8⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
9⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
10⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
11⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
12⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
13⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
14⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-851.exe
15⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 744
15⤵
- Program crash
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 744
14⤵
- Program crash
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 764
4⤵
- Program crash
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
9⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
10⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
11⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
12⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
13⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
14⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
15⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
16⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-31452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31452.exe
17⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
18⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
19⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
20⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
21⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
22⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
23⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 648
21⤵
- Program crash
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
18⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
19⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
20⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
21⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
22⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 740
19⤵
- Program crash
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 648
16⤵
- Program crash
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 664
14⤵
- Program crash
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
8⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
9⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
10⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
11⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
12⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
13⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
14⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe
15⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-26742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26742.exe
16⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
17⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
18⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-25491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25491.exe
19⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
20⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
21⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
22⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
17⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
18⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
19⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
20⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
21⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 640
19⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
16⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
17⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
18⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
19⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
20⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 736
16⤵
- Program crash
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 712
13⤵
- Program crash
PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 740
7⤵
- Program crash
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-57694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57694.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-35030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35030.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
8⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
10⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
11⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
12⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
13⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
14⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
15⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 720
6⤵
- Program crash
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:716

C:\Users\Admin\AppData\Local\Temp\Unicorn-62187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62187.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 752
5⤵
- Program crash
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-62187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62187.exe
7⤵
- Executes dropped EXE
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
8⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
9⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
10⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
11⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
12⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
13⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
14⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
15⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 636
8⤵
- Program crash
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 664
7⤵
- Program crash
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 708
5⤵
- Program crash
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 564
4⤵
- Program crash
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 740
3⤵
- Program crash
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
8⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
10⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
11⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
12⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
13⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
14⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
15⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
16⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
17⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
18⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
19⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
20⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 628
12⤵
- Program crash
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-23775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23775.exe
8⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
9⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
10⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
11⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
12⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
13⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
14⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
15⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
16⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
17⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
18⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
19⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
20⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
16⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
17⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
18⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-63537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63537.exe
19⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
20⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
15⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-25709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25709.exe
16⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
17⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
18⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
19⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
7⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
8⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
9⤵
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
10⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-14136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14136.exe
11⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
12⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
13⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
14⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
15⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
16⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
17⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
18⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
19⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 648
18⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
15⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
16⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
17⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
18⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
19⤵
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 720
5⤵
- Program crash
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
10⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
11⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
12⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
13⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
14⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
15⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
16⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
17⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
18⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
19⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
20⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
21⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
16⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
17⤵
PID:232

C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
18⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
19⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
20⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 724
16⤵
- Program crash
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
15⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-61262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61262.exe
16⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-19314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19314.exe
17⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
18⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
19⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
20⤵
PID:2280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 656
18⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 740
15⤵
- Program crash
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 664
13⤵
- Program crash
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 664
8⤵
- Program crash
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 652
7⤵
- Program crash
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
6⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-39656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39656.exe
7⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
8⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12028.exe
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
10⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
11⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
12⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
13⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
14⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
15⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
16⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
17⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
18⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
19⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
20⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 652
17⤵
- Program crash
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
15⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-30766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30766.exe
16⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
17⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
18⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-11718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11718.exe
18⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
19⤵
PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 636
17⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 752
10⤵
- Program crash
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 636
8⤵
- Program crash
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 632
6⤵
- Program crash
PID:644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 720
5⤵
- Program crash
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 740
4⤵
- Program crash
PID:456

C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
7⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 720
7⤵
- Program crash
PID:2500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 720
7⤵
- Program crash
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
6⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-38689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38689.exe
7⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-39192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39192.exe
8⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
10⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
11⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
12⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
13⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
10⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
11⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
12⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
13⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
14⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
15⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
16⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
17⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 608
15⤵
- Program crash
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 748
9⤵
- Program crash
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 708
5⤵
- Program crash
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 728
4⤵
- Program crash
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 740
3⤵
- Program crash
PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 740
2⤵
- Program crash
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4296 -ip 4296
1⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3500 -ip 3500
1⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3396 -ip 3396
1⤵
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2980 -ip 2980
1⤵
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1584 -ip 1584
1⤵
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1968 -ip 1968
1⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3912 -ip 3912
1⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3244 -ip 3244
1⤵
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4040 -ip 4040
1⤵
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 888 -ip 888
1⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4940 -ip 4940
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3004 -ip 3004
1⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5008 -ip 5008
1⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3340 -ip 3340
1⤵
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2052 -ip 2052
1⤵
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 760 -ip 760
1⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4932 -ip 4932
1⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2208 -ip 2208
1⤵
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2920 -ip 2920
1⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2024 -ip 2024
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3672 -ip 3672
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3712 -ip 3712
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4468 -ip 4468
1⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4712 -ip 4712
1⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4644 -ip 4644
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 4300 -ip 4300
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2860 -ip 2860
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2440 -ip 2440
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1640 -ip 1640
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4720 -ip 4720
1⤵
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 4388 -ip 4388
1⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1516 -ip 1516
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4564 -ip 4564
1⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4352 -ip 4352
1⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 2020 -ip 2020
1⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5076 -ip 5076
1⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2072 -ip 2072
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 1496 -ip 1496
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 1588 -ip 1588
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5072 -ip 5072
1⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 688 -ip 688
1⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 716 -ip 716
1⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2168 -ip 2168
1⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3084 -ip 3084
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5696 -ip 5696
1⤵
PID:2440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1528 -ip 1528
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2188 -ip 2188
1⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5672 -ip 5672
1⤵
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5260 -ip 5260
1⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5288 -ip 5288
1⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5460 -ip 5460
1⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2916 -ip 2916
1⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5272 -ip 5272
1⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5296 -ip 5296
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2232 -ip 2232
1⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2992 -ip 2992
1⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5872 -ip 5872
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5592 -ip 5592
1⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5636 -ip 5636
1⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2400 -ip 2400
1⤵
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6052 -ip 6052
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 5748 -ip 5748
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5864 -ip 5864
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 6088 -ip 6088
1⤵
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5716 -ip 5716
1⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5960 -ip 5960
1⤵
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 6096 -ip 6096
1⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1500 -ip 1500
1⤵
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 2260 -ip 2260
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5888 -ip 5888
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5524 -ip 5524
1⤵
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 5680 -ip 5680
1⤵
PID:2444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5320 -ip 5320
1⤵
PID:2500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5504 -ip 5504
1⤵
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1664 -ip 1664
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6064 -ip 6064
1⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 4820 -ip 4820
1⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5532 -ip 5532
1⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5140 -ip 5140
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 4356 -ip 4356
1⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5364 -ip 5364
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 3940 -ip 3940
1⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3536 -ip 3536
1⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5988 -ip 5988
1⤵
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5948 -ip 5948
1⤵
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2924 -ip 2924
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5836 -ip 5836
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5916 -ip 5916
1⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5196 -ip 5196
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5860 -ip 5860
1⤵
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 6020 -ip 6020
1⤵
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5772 -ip 5772
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 2688 -ip 2688
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5924 -ip 5924
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 832 -ip 832
1⤵
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 760 -ip 760
1⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2664 -ip 2664
1⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5260 -ip 5260
1⤵
PID:1356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5624 -ip 5624
1⤵
PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5780 -ip 5780
1⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 4920 -ip 4920
1⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5332 -ip 5332
1⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 4932 -ip 4932
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5384 -ip 5384
1⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5160 -ip 5160
1⤵
PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6108 -ip 6108
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5344 -ip 5344
1⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5668 -ip 5668
1⤵
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5420 -ip 5420
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5356 -ip 5356
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3620 -ip 3620
1⤵
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5400 -ip 5400
1⤵
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 532 -ip 532
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 6112 -ip 6112
1⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 640 -ip 640
1⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5392 -ip 5392
1⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6064 -ip 6064
1⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 692 -ip 692
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 1420 -ip 1420
1⤵
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5752 -ip 5752
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 2624 -ip 2624
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5992 -ip 5992
1⤵
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 2340 -ip 2340
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5176 -ip 5176
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 2332 -ip 2332
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3680 -ip 3680
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6028 -ip 6028
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 1360 -ip 1360
1⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5484 -ip 5484
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5300 -ip 5300
1⤵
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 3036 -ip 3036
1⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5324 -ip 5324
1⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 3056 -ip 3056
1⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 2916 -ip 2916
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2100 -ip 2100
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 4200 -ip 4200
1⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5196 -ip 5196
1⤵
PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6040 -ip 6040
1⤵
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5612 -ip 5612
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5768 -ip 5768
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 5548 -ip 5548
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 3648 -ip 3648
1⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 6092 -ip 6092
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5888 -ip 5888
1⤵
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 3220 -ip 3220
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3532 -ip 3532
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 3612 -ip 3612
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 4620 -ip 4620
1⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5688 -ip 5688
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4940 -ip 4940
1⤵
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 5572 -ip 5572
1⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5296 -ip 5296
1⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 2076 -ip 2076
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5252 -ip 5252
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5192 -ip 5192
1⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2980 -ip 2980
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 888 -ip 888
1⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 4352 -ip 4352
1⤵
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 3168 -ip 3168
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5784 -ip 5784
1⤵
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5836 -ip 5836
1⤵
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 4040 -ip 4040
1⤵
PID:644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5288 -ip 5288
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5204 -ip 5204
1⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4356 -ip 4356
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5760 -ip 5760
1⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 1476 -ip 1476
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5820 -ip 5820
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5624 -ip 5624
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 2472 -ip 2472
1⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6056 -ip 6056
1⤵
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6020 -ip 6020
1⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5136 -ip 5136
1⤵
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4524 -ip 4524
1⤵
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 832 -ip 832
1⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5184 -ip 5184
1⤵
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1300 -ip 1300
1⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5980 -ip 5980
1⤵
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 4192 -ip 4192
1⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6004 -ip 6004
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1144 -ip 1144
1⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3248 -ip 3248
1⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5556 -ip 5556
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4672 -ip 4672
1⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5500 -ip 5500
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 532 -ip 532
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5276 -ip 5276
1⤵
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6108 -ip 6108
1⤵
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4144 -ip 4144
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5636 -ip 5636
1⤵
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5008 -ip 5008
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5848 -ip 5848
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2168 -ip 2168
1⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 4396 -ip 4396
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4004 -ip 4004
1⤵
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5672 -ip 5672
1⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 4744 -ip 4744
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3100 -ip 3100
1⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5868 -ip 5868
1⤵
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2624 -ip 2624
1⤵
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5948 -ip 5948
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2256 -ip 2256
1⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5968 -ip 5968
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2916 -ip 2916
1⤵
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 3712 -ip 3712
1⤵
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1664 -ip 1664
1⤵
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 2872 -ip 2872
1⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5304 -ip 5304
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4820 -ip 4820
1⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5044 -ip 5044
1⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 3940 -ip 3940
1⤵
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2664 -ip 2664
1⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5380 -ip 5380
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4044 -ip 4044
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 4532 -ip 4532
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5228 -ip 5228
1⤵
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5400 -ip 5400
1⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 864 -ip 864
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5660 -ip 5660
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5180 -ip 5180
1⤵
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 3300 -ip 3300
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5188 -ip 5188
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5160 -ip 5160
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5840 -ip 5840
1⤵
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 4200 -ip 4200
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5520 -ip 5520
1⤵
PID:1300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 6044 -ip 6044
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5872 -ip 5872
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5668 -ip 5668
1⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 692 -ip 692
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3424 -ip 3424
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1828 -ip 1828
1⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 5620 -ip 5620
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 6136 -ip 6136
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4404 -ip 4404
1⤵
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2568 -ip 2568
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5512 -ip 5512
1⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 3292 -ip 3292
1⤵
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5972 -ip 5972
1⤵
PID:372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 2240 -ip 2240
1⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 4396 -ip 4396
1⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 2700 -ip 2700
1⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 6084 -ip 6084
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2868 -ip 2868
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 2076 -ip 2076
1⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5616 -ip 5616
1⤵
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6080 -ip 6080
1⤵
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5352 -ip 5352
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5464 -ip 5464
1⤵
PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6024 -ip 6024
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2472 -ip 2472
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3220 -ip 3220
1⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5244 -ip 5244
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5632 -ip 5632
1⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 3396 -ip 3396
1⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5824 -ip 5824
1⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 5284 -ip 5284
1⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2024 -ip 2024
1⤵
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5152 -ip 5152
1⤵
PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 5728 -ip 5728
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5324 -ip 5324
1⤵
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5868 -ip 5868
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6064 -ip 6064
1⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5428 -ip 5428
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5008 -ip 5008
1⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5796 -ip 5796
1⤵
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3248 -ip 3248
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 1652 -ip 1652
1⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1672 -ip 1672
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5076 -ip 5076
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4300 -ip 4300
1⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5612 -ip 5612
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5320 -ip 5320
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1612 -ip 1612
1⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1596 -ip 1596
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5192 -ip 5192
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 1192 -ip 1192
1⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 5176 -ip 5176
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5368 -ip 5368
1⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 3360 -ip 3360
1⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4364 -ip 4364
1⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4252 -ip 4252
1⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 832 -ip 832
1⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2208 -ip 2208
1⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3148 -ip 3148
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2008 -ip 2008
1⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5384 -ip 5384
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 1768 -ip 1768
1⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6072 -ip 6072
1⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5560 -ip 5560
1⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4732 -ip 4732
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 5252 -ip 5252
1⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3548 -ip 3548
1⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5500 -ip 5500
1⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3524 -ip 3524
1⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5456 -ip 5456
1⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4688 -ip 4688
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4296 -ip 4296
1⤵
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 5432 -ip 5432
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5744 -ip 5744
1⤵
PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5916 -ip 5916
1⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 2236 -ip 2236
1⤵
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3712 -ip 3712
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5412 -ip 5412
1⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 1476 -ip 1476
1⤵
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5872 -ip 5872
1⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 1340 -ip 1340
1⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-39788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39788.exe
1⤵
PID:6952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
Filesize
184KB

MD5
f703cf82306f0cc49dba1d10d72bf03d

SHA1
411c51eadd1c53e4be0be02fabf01c1240d9fd11

SHA256
0067917db762f01aa2ee51a0310f64768a7ccc9f6f3a88938f1c0e5feaba7df8

SHA512
2fe34649f34ab237bea12fcfff1f4ec06a518112c963c9485644f1446f9711cf9833f6ecb780a8182e9139fce2f224585f2eb087d90b6ad1ae3d1613a3f82b0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
Filesize
184KB

MD5
bc0eac43651a3a93a52ded43d3139b6c

SHA1
8d634b4418af01e955e1eb4b01e7391f0f94074e

SHA256
707835221895db23a1bf7360f8a94067ff6d0c9664bd0f73967e138bf3efa1ba

SHA512
3ee327c472314682fe0887c966c6a1711aaa6a285fb1a8fb15e17014b44ce63da982b3ec3bf40378da7d17e57cbd121586285cdf7f708eee49e80e8663ef563c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
Filesize
184KB

MD5
642e0b74467ea6260c96f0730144aff2

SHA1
d9978efacbdfdf65416b9bb3614a31c84536e846

SHA256
db65a1662c546d301c1e573636007423ade6bf314baeb6fd117c7a3bacb68f5f

SHA512
9c77a223cbf86f19c064a6da070a5391f5bc5e9d9bc38ef79281e1c60b9cbf73341da61f1e13207173b7d8f279c6b088f8025643e5c7c6f8d402356582fdc871

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
Filesize
184KB

MD5
ca5318cb1139bdd1f53848d84a3fd80a

SHA1
d9b9a0399e0599b4cbf7d84c0698c17d27e8728f

SHA256
4bcc38aa2b0dc69ee974397137ba052b93f8e2110604e59c7ee5eb3f2b69a18b

SHA512
e8c733b60b5069525c71a2192e9bca9ea6900272ef4377dc6c16a618582a1aa8208f2fa22b5b6b9f6976d959e150d3bcab977dd0f44c7137617442dbfbbcfeab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
Filesize
184KB

MD5
bbb830c0a1a70699a6b5e11bbb2ca24a

SHA1
85cb13ea338f638d65efd90bde408e794966cabf

SHA256
03944d500ea876d827280e7c5b28d74fcafee8782e680b4d278fe8349522f990

SHA512
1af0625b5eb860c3fa8eda4e9e75c85a665b4589be54caf84e9a6bc35922dd7a14a06dfa188d4fa83d40ee66a58013ab1aa7b93e0f43d164212f7dec70ae7d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
Filesize
184KB

MD5
fe9c134b5e2b90fd526a08a91a02c6c1

SHA1
c6b224229d74c39c97a3cb5e26f541bafe6e1aa8

SHA256
ab159171a82acb25fdc762c5b91ec2ea40e6dd97f3e1f7b23cf61fb9023132ed

SHA512
76e4c6e5f8431c8e454cdc05bbd60e7348f1aa27272c804e17cadd01ae25bbd12370142ac01779d66c0f60e47dd1149eaa794b547e416841f5be3452813667a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
Filesize
184KB

MD5
3302758c19cdeb8da1184785ed8eee41

SHA1
ddec4ec797f358a1646cd78114e05cbb38345c8a

SHA256
169c78fa235e9e38a5500ff8997d44742381e06b193687669ed4802230c403e0

SHA512
a302c2a87fa77a85dd408059baddd9686aa8af1d9bb31707001f9100b5a9cc0d707074fd77207f1e106b6875382aec17fbc7e32cb41317ee1343b2630644b518

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
Filesize
184KB

MD5
5f1f0f56b0895cad59e577a86677bfb3

SHA1
925cd8ab59f1039cb3ca8c9a33c5684adbe597e9

SHA256
9717415045a870255836d01551efcff4ca772455ed1a9fd95cc853fce17f3acf

SHA512
f711db1bf28a8254086c7c006f8518743fc7c64fcd19c3ba63939fc922c4f20b51940bc7ea9d2d2562eb04ea58547a42557db86eeda163f2d0eab03c93ab50d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
Filesize
184KB

MD5
a433413719f40450cce7699f94e8e8c8

SHA1
f704679bd383ee1cf66405c515853c5c88138b30

SHA256
871bd844b795a3c26738969c710dfb065178da443604d2a35f0a581ee5619612

SHA512
0de8fdcdf851793b25cbd9a56a8a3635090bb608dc07a5565f394eefbcce07ec0d7c59c1e71e170f9418e0b1aa9b0e4e37a91160d098bfbe0617c67e53d04923

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
Filesize
184KB

MD5
3097bb6f3b13f964986b4037e19f4e98

SHA1
469b27beaa4023e70df66a10b33a288dd09e0495

SHA256
875dc0812da8b8d3bab05c395bd1927751e2e5c0498f8a5b668b225117a89cd9

SHA512
e5bc9ce4d8ce6ca765b9052ad0f12d5381db1476a91b831fafdf1f19f70662ebd706e455583e287adf917c9a123f647fc8c45031ab879193a677ee80bc3e007b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
Filesize
184KB

MD5
f6d2a8b47960022ed72256176a5e203c

SHA1
5c4126b1ca4de7f42ea7164acb00aa666a374d22

SHA256
f918bebfb2e4f9c578292fcdbbbb72e35cd0d041dbb44649f707e65f1d19c22b

SHA512
d79cddbc3badf73486aa014c4a0d028b21b28c9f4c6932c4039dd69318d972167190a95f8805c9faf5f2a4e3e0deb2f7536ad5b8d2ed614fa5fae0e339dbaedb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
Filesize
184KB

MD5
f8be9b0bf733dda762d5aecda83e4771

SHA1
3e581b466cab8a3e9b28d4501842c26241ff8c60

SHA256
56e9c2e442c1f268f2fea3ecfcbcb1a302d193551509cd0bc2ece94ecda77328

SHA512
fd80a1c633b6a65ab521d706916d3b4c2a096cdff1d19ac2e5a9fc37630375978918b8d462dae110a468cb3c253fed26edda8835fd80a2b9a6b6c58581f7f2dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
Filesize
184KB

MD5
5d8585c9495d02cd1b99a69c8d361458

SHA1
14b6907109b287e8d1bf49b458172133d1c1d7cb

SHA256
d0cd8c0ec471955ff826ce8d77ca18d3cb92c90ec4a1fa300d4342dba7dcf657

SHA512
0e69929ab40452057b90ef632b6f8533e19337f7545c3f6ce5cebebaceba930683cf7de484b960779299ef7136ef93bcf48cff4417d1f0c253d41bb6f98b2945

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
Filesize
184KB

MD5
067f7998cde8432d606509d70a990aea

SHA1
69f21f99df2cc7526fe2def5830a3a0e90380d4a

SHA256
b93ead0365be02ad4de28e7579bbe071c50672182457ed51fa147c0b1a8897b6

SHA512
387d5ef2d5091a1a3c6638d109b572ab26b3c1be53992a3cf798ae5367715a68e8d16c48fad7a323e43053a1e86f0a59d98e95a660508e25b1d5d332a73bac34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
Filesize
184KB

MD5
1e91825201197d973a7e750bff7d30d1

SHA1
708621a1e0e0b7796b5637470e9e2b1d2d9acdf9

SHA256
aaa8dab81f755a97c2cd66b531136a167e603eb40f3631fcea695b468c222f18

SHA512
96002907d694562f4aa0b3bbdf24cd1176925e591167d905fd68f7c7af1304b30c5cb4e91df98cfb63f1851c1af61dc8d4ab4fa91ee33a2b0db34ff68d5ca8b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
Filesize
184KB

MD5
e5639d8a5ce5204b470e29c0992e731e

SHA1
f8453ed26905aa6e3e8de7d12655f8e78f9003c8

SHA256
c62b288cb089c35a22262c1dc23256e955cfda560c7d62a4da3fd00c983bb312

SHA512
97262b370ad8f2226119dcee1609c1c690940fe9ebd9a10f1b47fd8a2e4b5c4479d02d01c382abcfabc35cbed304bf991c879bbfe8420f5cc4d3376daf0cd5d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
Filesize
184KB

MD5
be28b1125b0df9584b74c6c13980a95f

SHA1
ecc300cc63a485b06bbbc028602187d08341359e

SHA256
96228f14da2e6d309fc265698e1d6205f0e4a766716d0957458ccbe31f82fd9b

SHA512
671f2fa018dfcb6118db9426497c82b2ec4eae39aa032d5609b84e292f3ef7d45799ee676f16f40ee3ab751cbd92ece88826d129cb212801abf54270d63a5164

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
Filesize
184KB

MD5
a7fb76517bef028a10936ea5f2354965

SHA1
b80bb86cb3b2032f3256930eb902c649a5154c8e

SHA256
95bb3b31275fe40415d1a117ec9971fc4d2ab2b1124fe2b6901e19248e9c1247

SHA512
96ab212801053bd4751d7157a4ff73f80de93d0213edb709ad060e47c8e1abd6018d5f0c83d8ef31498ab699c1b18a1b534be45bb7774bffd117f2eee246d435

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
Filesize
184KB

MD5
1293b7a4e31f7d38837157fca88963d4

SHA1
0fedd4af80bab0ea791c09e4d899867907bf526b

SHA256
81f1412bb1c7b28658616cf9439c546986041baced254a6e6c1ee46d9d414189

SHA512
300b1026f81c29d644f8c646494ed310d38efada6ec195f11002ff4586872e71d6c88e3f6ef9846188f4a9583637775eedd40f127ca0bdb0206ba4088680c749

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
Filesize
184KB

MD5
fa40d218a446b6c11988250b838ebf0d

SHA1
0f9553dbcde1d0446946d4185324aa37068d7706

SHA256
440f858c55d5629701119cc1684088406a638c2532a3be1f06ab7badddf64563

SHA512
89265124bf316ca92de2e2a2cc50aa9895a38e4956319d5564058ce85e7f3f0013beb13a415960a001640fcb2df9998e9b2e11e69b5f6c85a0137be900abee4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
Filesize
184KB

MD5
a8a29bef0590f67498c1059d91b6409a

SHA1
e665d309c6aa41a988b37b556289c2732fc8a060

SHA256
4216de926d6757768b82dde81ae16adc0bf2261517349d3cabb69a3466932505

SHA512
6255b389327b8e3a2471915af821b5c80cc8cf9f6b0a06dbadd15431406007307082b13ae26415949739861e828413ca234520ba07b0f5602ea801a8ba93d1d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
Filesize
184KB

MD5
87d2d884b8a49106b121f3b595178c8d

SHA1
c81906159d862c808039e69a7f2ebc49725a74bd

SHA256
ea5873a39ec90fdd7dbcc2ecc7c30ca4ad604254e06cad1c158ca0ef170a35e0

SHA512
25e292c4e2f51eb400a443a44dd6869cf6edcab9fd0f116bcc6449b636269745f9f937668c8a792651e7718f80461fb7b1e292c2b7eb517f5376fe4867f94ba2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
Filesize
184KB

MD5
e192a3ae453417cbd1c3a04b2b0d4cb8

SHA1
5c924e80258e97a4b2bd84f93f12b7e658b3fe6d

SHA256
3615bd367bedfbec873970fb09ec608f9459acb5bcdd5d6b2efa046f69784713

SHA512
a9814029d194dc257b7f9defc6462db0b49e7fdb8efcff3b9a649dd005794331c7747648006196528f042757c2abacaee8c199bab93495198785b686c7ea984b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49317.exe
Filesize
184KB

MD5
a4a44f7c8bda794c56a332773ac9379c

SHA1
df4176fa3dacc4c38293ab35ebe78cd238a77ba2

SHA256
968040ac13a6b6186f270a1ccc5dfc91734aab3e89a619b7a008bfdc38afda90

SHA512
cecdd0910344f162845af37d9fc272e07dbb4033a03f87d121dbc8016dc4a8a1a921f49e29f91d2ead9adb2fdb8e0e8fd44cb746b1b2bdb05e306b31b15db04d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
Filesize
184KB

MD5
aed36416e265ce431f10c0f64ecb919e

SHA1
c1e43f678a016d6c15f8b0663992e02ee22c6d63

SHA256
0f511743666aaa8901b0b95809ccfe7bb009e70b7d9aea5018f9544a8ede064f

SHA512
7bc5a4feb29ed3de81ec0ae330b0a6b2d3392d85f8c7b103d3c6d609384a578055b73c59ee74fbd5b0a18b57b0abcda1a3f72937802a1da493da4cf7f5bda5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
Filesize
184KB

MD5
c2819eb85446e32d5f84880d8f291f61

SHA1
1ca1c06e623cbaf89752248369ac5aef2339101e

SHA256
b18a7d44395a51090e239faaf401bc69d604b4f60b749e6829a055007475e37d

SHA512
fa8429c38517e335525b8150ca78a11223135207b5674e6df34d488b13ef3124e4e29287cd6bc19b23f4e3b34e6f656af89ba2e66f0d346b56512873c4a93758

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
Filesize
184KB

MD5
f783c06a3b537c060a6723673ccf473e

SHA1
0508c388208fdf1aeadac27ffdd7cb3588bec87b

SHA256
a6995925e9a7a1158b43cb0a9d202b8b0f1de9d81d70612af30ad396666d72e7

SHA512
d513a73304e1e04184c24d89d70162e84942eee753b1a7620401a5576609aa52a7826f33571dda1c755da1c170d992706ed4e9418617a068ae700e12dc503db4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
Filesize
184KB

MD5
c5a7cb9d74e56d122335fc02bc1abcbf

SHA1
60284cb3d137bbfd29c31f47ef728b471c55bc7b

SHA256
dbfc4a5fb1d717615b8d130c31c15c0d2c99c6a1463146102b4ab97251642350

SHA512
3396c2499fab6898d09cc0f11fc10d281ef03d7c30f1422d2d81ccb8ea5f0a8ca212cd8a027817b95fdc3c3eb7adb7de0e2689d59f70f7cbd04717b7ce56b68e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
Filesize
184KB

MD5
0d730acfc3572da6bcd90f0ad3fa8dda

SHA1
9356f5494d0a1da8d87fb02a7534074399faa9fc

SHA256
b408fda52ab9e0087519a198d96ad5ff671137dc59c8135ac1fd4b7cdb0691d6

SHA512
ad9e8ff83413579ebc8447024e003c718f0b0f04c1e3cbc8c7c9e5611f1a4429d49bc01f0595430a51e2c7f384458dd3f733d76d936cffb380d5984a448bfa2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
Filesize
184KB

MD5
b1530249dbf77d995c7a76c6883ef085

SHA1
c0a0e1aac7c9165dd7140c370d08b5da2c900188

SHA256
93587acb8ea47d0b77fa95111a2dcdaff9f1a69f6cf0f6e67c8d509862f6ac96

SHA512
81c2da0c241a8788b42e772bd8f256535d7cda9f35985c13f6af4dcdf2b7dbec7f2623fc9a410205f59d3641b1577188dc60a1118c72cb01d6ced2e9012b6c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
Filesize
184KB

MD5
ff4079e90ca4a5395fc8d472c5ab72e7

SHA1
ecf6c43db39eb1f84b7e550c188b1cb61f693dc2

SHA256
afed7ceb7e810e0afd6646f065d04d0fc3124121c464952cb9b68c23242834a0

SHA512
05778aac4087837a9454bac6f1d930d4c70adcf88c3f51648dec833d3561f91fdc719cde3b0423178af5adb9b369ab4e8e2886983c26b3d419eda800ef8336a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
Filesize
184KB

MD5
656bec2a358920f675ade7bc6e674188

SHA1
ac99b0046264cf2bf8a3c4f53b1b267230cc39da

SHA256
9ae0f8e6632d2fa51733fae7ba01796c23a3b7eae54dc29ef430885f3d4daf71

SHA512
0cc66c8d5299d97c5dddcbdc7c15a9edccf1071d3f7efbf992adc1944844cd93f722d878fa9ee39d980753412329e9a2ecec2c4932adccbb35957c41fd4c00e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
Filesize
184KB

MD5
df903914f0e288e1311405ead007018f

SHA1
dbfb402b1ae8699b8e195cd5de71d5cd26fff5af

SHA256
5642f554a90467e84a9592aa24cc6489a4184c64682a4f44e37915a5c5e48ff4

SHA512
fce40b7b62ce35864192f54604083c95659705c0bd7850af712fe808977b91ecdcea89c685303285e0e5d89bbc5bd77f4ae066a0e41c2fce687d5afc204bf198

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
Filesize
184KB

MD5
5c89bf2b4361a4dbb08eb9ede9a328f8

SHA1
c96301eb45314cc7f1ecd7c886cb6c26badda69b

SHA256
b83c9e3bad73e2c3d0f2558e7510882e1393e17a9c64d29a0ad6dd1b32c8a3db

SHA512
0757fb701ca216390ce76e7aa855fe7f4fa713c6f354678c60b60d161c8346fceec3b54516fbb06415ca4a5e5cfc27c87283ac4bf5cd014273320a47e13598df

Download Submit