ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84

Analysis

max time kernel
29s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
Size

184KB
MD5

e6a6990c73e5a3753e81bb7f4e4f13fc
SHA1

8c40e325bd853447d3200a877fbf62253a638988
SHA256

ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84
SHA512

745d5ed8e10b83a642eb0d9b0c89afc983dfd9d8d526e106d9886dfa0d430572043f942cdd67f4099473264b73ec2f02acfcd7f7de400c0eef5bc90967e29678
SSDEEP

1536:JBZ66NZ5uBc8o5x1XR4p4awMWM9yvZc8hmddE8cR2VQntnhlthj5nizpvN:730Bc8ofJR4ZdWaWe08cRttnhl7ViF1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

TempÁUnicorn-36973.exeLocalÁUnicorn-55149.exeTempÁUnicorn-52881.exeAppDataÁUnicorn-35757.exeLocalÁUnicorn-20874.exeLocalÁUnicorn-1008.exeAdminÁUnicorn-24554.exeAppDataÁUnicorn-53012.exeAppDataÁUnicorn-8108.exeAppDataÁUnicorn-6162.exeLocalÁUnicorn-6032.exeUsersÁUnicorn-9865.exeAdminÁUnicorn-23571.exeAdminÁUnicorn-5843.exeAdminÁUnicorn-34282.exeAppDataÁUnicorn-17261.exeAppDataÁUnicorn-30643.exeAdminÁUnicorn-35050.exeAppDataÁUnicorn-61562.exeÁUnicorn-61459.exeUsersÁUnicorn-64593.exeUsersÁUnicorn-20266.exeAdminÁUnicorn-30768.exeUsersÁUnicorn-10281.exeUsersÁUnicorn-58797.exeAdminÁUnicorn-58797.exeAdminÁUnicorn-11049.exeUsersÁUnicorn-11049.exeAdminÁUnicorn-53841.exeAdminÁUnicorn-54547.exeAdminÁUnicorn-36819.exeAppDataÁUnicorn-36819.exeÁUnicorn-16237.exeÁUnicorn-14160.exeÁUnicorn-17005.exeÁUnicorn-393.exeUsersÁUnicorn-19635.exeUsersÁUnicorn-6828.exeÁUnicorn-17898.exeUsersÁUnicorn-46356.exeUsersÁUnicorn-16362.exeÁUnicorn-49802.exeAdminÁUnicorn-45012.exeUsersÁUnicorn-43641.exeUsersÁUnicorn-50570.exeAdminÁUnicorn-47482.exeÁUnicorn-54218.exeAdminÁUnicorn-21546.exeUsersÁUnicorn-37197.exeUsersÁUnicorn-21546.exeAdminÁUnicorn-50196.exeUsersÁUnicorn-1680.exeÁUnicorn-59667.exeÁUnicorn-41939.exeÁUnicorn-47498.exeÁUnicorn-18992.exeÁUnicorn-5609.exeÁUnicorn-38282.exeÁUnicorn-8681.exeÁUnicorn-35193.exeUsersÁUnicorn-37139.exeÁUnicorn-13388.exeÁUnicorn-44307.exeÁUnicorn-26579.exe

pid	process
2344	TempÁUnicorn-36973.exe
2536	LocalÁUnicorn-55149.exe
988	TempÁUnicorn-52881.exe
2796	AppDataÁUnicorn-35757.exe
4812	LocalÁUnicorn-20874.exe
3184	LocalÁUnicorn-1008.exe
3936	AdminÁUnicorn-24554.exe
3928	AppDataÁUnicorn-53012.exe
2592	AppDataÁUnicorn-8108.exe
4612	AppDataÁUnicorn-6162.exe
4576	LocalÁUnicorn-6032.exe
4084	UsersÁUnicorn-9865.exe
3396	AdminÁUnicorn-23571.exe
3780	AdminÁUnicorn-5843.exe
3988	AdminÁUnicorn-34282.exe
2756	AppDataÁUnicorn-17261.exe
4932	AppDataÁUnicorn-30643.exe
3676	AdminÁUnicorn-35050.exe
1196	AppDataÁUnicorn-61562.exe
1036	ÁUnicorn-61459.exe
3068	UsersÁUnicorn-64593.exe
4900	UsersÁUnicorn-20266.exe
1648	AdminÁUnicorn-30768.exe
2328	UsersÁUnicorn-10281.exe
1920	UsersÁUnicorn-58797.exe
228	AdminÁUnicorn-58797.exe
2616	AdminÁUnicorn-11049.exe
1452	UsersÁUnicorn-11049.exe
4592	AdminÁUnicorn-53841.exe
1400	AdminÁUnicorn-54547.exe
4844	AdminÁUnicorn-36819.exe
4992	AppDataÁUnicorn-36819.exe
1752	ÁUnicorn-16237.exe
1912	ÁUnicorn-14160.exe
5072	ÁUnicorn-17005.exe
3372	ÁUnicorn-393.exe
3292	UsersÁUnicorn-19635.exe
3912	UsersÁUnicorn-6828.exe
4256	ÁUnicorn-17898.exe
3140	UsersÁUnicorn-46356.exe
4412	UsersÁUnicorn-16362.exe
4156	ÁUnicorn-49802.exe
3688	AdminÁUnicorn-45012.exe
3600	UsersÁUnicorn-43641.exe
952	UsersÁUnicorn-50570.exe
3956	AdminÁUnicorn-47482.exe
4100	ÁUnicorn-54218.exe
2000	AdminÁUnicorn-21546.exe
2108	UsersÁUnicorn-37197.exe
2232	UsersÁUnicorn-21546.exe
2924	AdminÁUnicorn-50196.exe
4424	UsersÁUnicorn-1680.exe
4648	ÁUnicorn-59667.exe
1996	ÁUnicorn-41939.exe
2760	ÁUnicorn-47498.exe
4656	ÁUnicorn-18992.exe
2904	ÁUnicorn-5609.exe
3996	ÁUnicorn-38282.exe
1992	ÁUnicorn-8681.exe
428	ÁUnicorn-35193.exe
5016	UsersÁUnicorn-37139.exe
2464	ÁUnicorn-13388.exe
1704	ÁUnicorn-44307.exe
3928	ÁUnicorn-26579.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
516	5064	WerFault.exe	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
3420	2344	WerFault.exe	TempÁUnicorn-36973.exe
4436	2536	WerFault.exe	LocalÁUnicorn-55149.exe
3524	988	WerFault.exe	TempÁUnicorn-52881.exe
1204	2796	WerFault.exe	AppDataÁUnicorn-35757.exe
4696	4812	WerFault.exe	LocalÁUnicorn-20874.exe
4544	3184	WerFault.exe	LocalÁUnicorn-1008.exe
3176	3936	WerFault.exe	AdminÁUnicorn-24554.exe
1120	3928	WerFault.exe	AppDataÁUnicorn-53012.exe
3492	2592	WerFault.exe	AppDataÁUnicorn-8108.exe
2472	4576	WerFault.exe	LocalÁUnicorn-6032.exe
4652	4612	WerFault.exe	AppDataÁUnicorn-6162.exe
2376	4084	WerFault.exe	UsersÁUnicorn-9865.exe
1356	3396	WerFault.exe	AdminÁUnicorn-23571.exe
2932	3780	WerFault.exe	AdminÁUnicorn-5843.exe
1928	1196	WerFault.exe	AppDataÁUnicorn-61562.exe
1736	3988	WerFault.exe	AdminÁUnicorn-34282.exe
988	2756	WerFault.exe	AppDataÁUnicorn-17261.exe
1196	1036	WerFault.exe	ÁUnicorn-61459.exe
3692	3068	WerFault.exe	UsersÁUnicorn-64593.exe
2400	1648	WerFault.exe	AdminÁUnicorn-30768.exe
5172	4900	WerFault.exe	UsersÁUnicorn-20266.exe
5872	1400	WerFault.exe	AdminÁUnicorn-54547.exe
6048	4592	WerFault.exe	AdminÁUnicorn-53841.exe
5536	1752	WerFault.exe	ÁUnicorn-16237.exe
5100	1920	WerFault.exe	UsersÁUnicorn-58797.exe
5900	3600	WerFault.exe	UsersÁUnicorn-43641.exe
2256	5072	WerFault.exe	ÁUnicorn-17005.exe
5712	2464	WerFault.exe	ÁUnicorn-13388.exe
676	2080	WerFault.exe	UsersÁUnicorn-61738.exe
5612	5052	WerFault.exe	ÁUnicorn-60970.exe
5512	4440	WerFault.exe	UsersÁUnicorn-12272.exe
824	952	WerFault.exe	UsersÁUnicorn-50570.exe
2244	1416	WerFault.exe	AdminÁUnicorn-19955.exe
4944	5404	WerFault.exe	ÁUnicorn-14953.exe
6072	5652	WerFault.exe	ÁUnicorn-5289.exe
5904	5076	WerFault.exe	ÁUnicorn-45943.exe
5268	3876	WerFault.exe	ÁUnicorn-1843.exe
3600	1832	WerFault.exe	ÁUnicorn-49834.exe
5492	5372	WerFault.exe	ÁUnicorn-49834.exe
5076	5136	WerFault.exe	ÁUnicorn-5449.exe
2260	5128	WerFault.exe	ÁUnicorn-32237.exe
6372	1208	WerFault.exe	ÁUnicorn-64074.exe
6748	2932	WerFault.exe	ÁUnicorn-19818.exe
6180	4612	WerFault.exe	ÁUnicorn-8691.exe
6424	5248	WerFault.exe	ÁUnicorn-18413.exe
6496	4808	WerFault.exe	ÁUnicorn-4851.exe
6208	1064	WerFault.exe	ÁUnicorn-19306.exe
6248	5416	WerFault.exe	ÁUnicorn-18538.exe
6340	5944	WerFault.exe	ÁUnicorn-208.exe
6328	2668	WerFault.exe	ÁUnicorn-720.exe
6728	5408	WerFault.exe	ÁUnicorn-57581.exe
2760	5444	WerFault.exe	ÁUnicorn-24717.exe
7044	2428	WerFault.exe	ÁUnicorn-8691.exe
4544	2704	WerFault.exe	ÁUnicorn-17805.exe
6700	6064	WerFault.exe	ÁUnicorn-37523.exe
6928	5720	WerFault.exe	ÁUnicorn-15500.exe
6680	788	WerFault.exe	ÁUnicorn-55505.exe
4160	5608	WerFault.exe	ÁUnicorn-57581.exe
5508	5552	WerFault.exe	ÁUnicorn-50669.exe
516	788	WerFault.exe	ÁUnicorn-55505.exe
7060	1912	WerFault.exe	ÁUnicorn-9641.exe
4948	1932	WerFault.exe	ÁUnicorn-43757.exe
6148	5844	WerFault.exe	ÁUnicorn-57581.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exeTempÁUnicorn-36973.exeLocalÁUnicorn-55149.exeTempÁUnicorn-52881.exeAppDataÁUnicorn-35757.exeLocalÁUnicorn-20874.exeLocalÁUnicorn-1008.exeAdminÁUnicorn-24554.exeAppDataÁUnicorn-53012.exeAppDataÁUnicorn-8108.exeAppDataÁUnicorn-6162.exeLocalÁUnicorn-6032.exeUsersÁUnicorn-9865.exeAdminÁUnicorn-23571.exeAdminÁUnicorn-5843.exeAdminÁUnicorn-34282.exeAppDataÁUnicorn-61562.exeAdminÁUnicorn-35050.exeAppDataÁUnicorn-17261.exeAppDataÁUnicorn-30643.exeÁUnicorn-61459.exeUsersÁUnicorn-64593.exeUsersÁUnicorn-20266.exeAdminÁUnicorn-30768.exeUsersÁUnicorn-10281.exeUsersÁUnicorn-58797.exeAdminÁUnicorn-58797.exeAdminÁUnicorn-53841.exeAdminÁUnicorn-11049.exeAdminÁUnicorn-36819.exeAppDataÁUnicorn-36819.exeAdminÁUnicorn-54547.exeUsersÁUnicorn-11049.exeÁUnicorn-16237.exeÁUnicorn-14160.exeÁUnicorn-17005.exeUsersÁUnicorn-19635.exeÁUnicorn-393.exeUsersÁUnicorn-6828.exeÁUnicorn-17898.exeUsersÁUnicorn-46356.exeUsersÁUnicorn-16362.exeÁUnicorn-49802.exeAdminÁUnicorn-45012.exeUsersÁUnicorn-43641.exeUsersÁUnicorn-50570.exeAdminÁUnicorn-47482.exeUsersÁUnicorn-1680.exeÁUnicorn-54218.exeUsersÁUnicorn-37197.exeUsersÁUnicorn-21546.exeAdminÁUnicorn-50196.exeAdminÁUnicorn-21546.exeÁUnicorn-59667.exeÁUnicorn-41939.exeÁUnicorn-47498.exeÁUnicorn-18992.exeÁUnicorn-5609.exeÁUnicorn-35193.exeÁUnicorn-38282.exeÁUnicorn-8681.exeUsersÁUnicorn-37139.exeÁUnicorn-13388.exeÁUnicorn-44307.exe

pid	process
5064	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
2344	TempÁUnicorn-36973.exe
2536	LocalÁUnicorn-55149.exe
988	TempÁUnicorn-52881.exe
2796	AppDataÁUnicorn-35757.exe
4812	LocalÁUnicorn-20874.exe
3184	LocalÁUnicorn-1008.exe
3936	AdminÁUnicorn-24554.exe
3928	AppDataÁUnicorn-53012.exe
2592	AppDataÁUnicorn-8108.exe
4612	AppDataÁUnicorn-6162.exe
4576	LocalÁUnicorn-6032.exe
4084	UsersÁUnicorn-9865.exe
3396	AdminÁUnicorn-23571.exe
3780	AdminÁUnicorn-5843.exe
3988	AdminÁUnicorn-34282.exe
1196	AppDataÁUnicorn-61562.exe
3676	AdminÁUnicorn-35050.exe
2756	AppDataÁUnicorn-17261.exe
4932	AppDataÁUnicorn-30643.exe
1036	ÁUnicorn-61459.exe
3068	UsersÁUnicorn-64593.exe
4900	UsersÁUnicorn-20266.exe
1648	AdminÁUnicorn-30768.exe
2328	UsersÁUnicorn-10281.exe
1920	UsersÁUnicorn-58797.exe
228	AdminÁUnicorn-58797.exe
4592	AdminÁUnicorn-53841.exe
2616	AdminÁUnicorn-11049.exe
4844	AdminÁUnicorn-36819.exe
4992	AppDataÁUnicorn-36819.exe
1400	AdminÁUnicorn-54547.exe
1452	UsersÁUnicorn-11049.exe
1752	ÁUnicorn-16237.exe
1912	ÁUnicorn-14160.exe
5072	ÁUnicorn-17005.exe
3292	UsersÁUnicorn-19635.exe
3372	ÁUnicorn-393.exe
3912	UsersÁUnicorn-6828.exe
4256	ÁUnicorn-17898.exe
3140	UsersÁUnicorn-46356.exe
4412	UsersÁUnicorn-16362.exe
4156	ÁUnicorn-49802.exe
3688	AdminÁUnicorn-45012.exe
3600	UsersÁUnicorn-43641.exe
952	UsersÁUnicorn-50570.exe
3956	AdminÁUnicorn-47482.exe
4424	UsersÁUnicorn-1680.exe
4100	ÁUnicorn-54218.exe
2108	UsersÁUnicorn-37197.exe
2232	UsersÁUnicorn-21546.exe
2924	AdminÁUnicorn-50196.exe
2000	AdminÁUnicorn-21546.exe
4648	ÁUnicorn-59667.exe
1996	ÁUnicorn-41939.exe
2760	ÁUnicorn-47498.exe
4656	ÁUnicorn-18992.exe
2904	ÁUnicorn-5609.exe
428	ÁUnicorn-35193.exe
3996	ÁUnicorn-38282.exe
1992	ÁUnicorn-8681.exe
5016	UsersÁUnicorn-37139.exe
2464	ÁUnicorn-13388.exe
1704	ÁUnicorn-44307.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 5064 wrote to memory of 2344	5064	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-36973.exe
PID 5064 wrote to memory of 2344	5064	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-36973.exe
PID 5064 wrote to memory of 2344	5064	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-36973.exe
PID 2344 wrote to memory of 2536	2344	TempÁUnicorn-36973.exe	LocalÁUnicorn-55149.exe
PID 2344 wrote to memory of 2536	2344	TempÁUnicorn-36973.exe	LocalÁUnicorn-55149.exe
PID 2344 wrote to memory of 2536	2344	TempÁUnicorn-36973.exe	LocalÁUnicorn-55149.exe
PID 5064 wrote to memory of 988	5064	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-52881.exe
PID 5064 wrote to memory of 988	5064	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-52881.exe
PID 5064 wrote to memory of 988	5064	ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe	TempÁUnicorn-52881.exe
PID 2536 wrote to memory of 2796	2536	LocalÁUnicorn-55149.exe	AppDataÁUnicorn-35757.exe
PID 2536 wrote to memory of 2796	2536	LocalÁUnicorn-55149.exe	AppDataÁUnicorn-35757.exe
PID 2536 wrote to memory of 2796	2536	LocalÁUnicorn-55149.exe	AppDataÁUnicorn-35757.exe
PID 988 wrote to memory of 4812	988	TempÁUnicorn-52881.exe	LocalÁUnicorn-20874.exe
PID 988 wrote to memory of 4812	988	TempÁUnicorn-52881.exe	LocalÁUnicorn-20874.exe
PID 988 wrote to memory of 4812	988	TempÁUnicorn-52881.exe	LocalÁUnicorn-20874.exe
PID 2344 wrote to memory of 3184	2344	TempÁUnicorn-36973.exe	LocalÁUnicorn-1008.exe
PID 2344 wrote to memory of 3184	2344	TempÁUnicorn-36973.exe	LocalÁUnicorn-1008.exe
PID 2344 wrote to memory of 3184	2344	TempÁUnicorn-36973.exe	LocalÁUnicorn-1008.exe
PID 2796 wrote to memory of 3936	2796	AppDataÁUnicorn-35757.exe	AdminÁUnicorn-24554.exe
PID 2796 wrote to memory of 3936	2796	AppDataÁUnicorn-35757.exe	AdminÁUnicorn-24554.exe
PID 2796 wrote to memory of 3936	2796	AppDataÁUnicorn-35757.exe	AdminÁUnicorn-24554.exe
PID 2536 wrote to memory of 3928	2536	LocalÁUnicorn-55149.exe	AppDataÁUnicorn-53012.exe
PID 2536 wrote to memory of 3928	2536	LocalÁUnicorn-55149.exe	AppDataÁUnicorn-53012.exe
PID 2536 wrote to memory of 3928	2536	LocalÁUnicorn-55149.exe	AppDataÁUnicorn-53012.exe
PID 3184 wrote to memory of 2592	3184	LocalÁUnicorn-1008.exe	AppDataÁUnicorn-8108.exe
PID 3184 wrote to memory of 2592	3184	LocalÁUnicorn-1008.exe	AppDataÁUnicorn-8108.exe
PID 3184 wrote to memory of 2592	3184	LocalÁUnicorn-1008.exe	AppDataÁUnicorn-8108.exe
PID 4812 wrote to memory of 4612	4812	LocalÁUnicorn-20874.exe	AppDataÁUnicorn-6162.exe
PID 4812 wrote to memory of 4612	4812	LocalÁUnicorn-20874.exe	AppDataÁUnicorn-6162.exe
PID 4812 wrote to memory of 4612	4812	LocalÁUnicorn-20874.exe	AppDataÁUnicorn-6162.exe
PID 988 wrote to memory of 4576	988	TempÁUnicorn-52881.exe	LocalÁUnicorn-6032.exe
PID 988 wrote to memory of 4576	988	TempÁUnicorn-52881.exe	LocalÁUnicorn-6032.exe
PID 988 wrote to memory of 4576	988	TempÁUnicorn-52881.exe	LocalÁUnicorn-6032.exe
PID 3936 wrote to memory of 4084	3936	AdminÁUnicorn-24554.exe	UsersÁUnicorn-9865.exe
PID 3936 wrote to memory of 4084	3936	AdminÁUnicorn-24554.exe	UsersÁUnicorn-9865.exe
PID 3936 wrote to memory of 4084	3936	AdminÁUnicorn-24554.exe	UsersÁUnicorn-9865.exe
PID 3928 wrote to memory of 3396	3928	AppDataÁUnicorn-53012.exe	AdminÁUnicorn-23571.exe
PID 3928 wrote to memory of 3396	3928	AppDataÁUnicorn-53012.exe	AdminÁUnicorn-23571.exe
PID 3928 wrote to memory of 3396	3928	AppDataÁUnicorn-53012.exe	AdminÁUnicorn-23571.exe
PID 2796 wrote to memory of 3780	2796	AppDataÁUnicorn-35757.exe	AdminÁUnicorn-5843.exe
PID 2796 wrote to memory of 3780	2796	AppDataÁUnicorn-35757.exe	AdminÁUnicorn-5843.exe
PID 2796 wrote to memory of 3780	2796	AppDataÁUnicorn-35757.exe	AdminÁUnicorn-5843.exe
PID 2592 wrote to memory of 3988	2592	AppDataÁUnicorn-8108.exe	AdminÁUnicorn-34282.exe
PID 2592 wrote to memory of 3988	2592	AppDataÁUnicorn-8108.exe	AdminÁUnicorn-34282.exe
PID 2592 wrote to memory of 3988	2592	AppDataÁUnicorn-8108.exe	AdminÁUnicorn-34282.exe
PID 4576 wrote to memory of 2756	4576	LocalÁUnicorn-6032.exe	AppDataÁUnicorn-17261.exe
PID 4576 wrote to memory of 2756	4576	LocalÁUnicorn-6032.exe	AppDataÁUnicorn-17261.exe
PID 4576 wrote to memory of 2756	4576	LocalÁUnicorn-6032.exe	AppDataÁUnicorn-17261.exe
PID 3184 wrote to memory of 4932	3184	LocalÁUnicorn-1008.exe	AppDataÁUnicorn-30643.exe
PID 3184 wrote to memory of 4932	3184	LocalÁUnicorn-1008.exe	AppDataÁUnicorn-30643.exe
PID 3184 wrote to memory of 4932	3184	LocalÁUnicorn-1008.exe	AppDataÁUnicorn-30643.exe
PID 4612 wrote to memory of 3676	4612	AppDataÁUnicorn-6162.exe	AdminÁUnicorn-35050.exe
PID 4612 wrote to memory of 3676	4612	AppDataÁUnicorn-6162.exe	AdminÁUnicorn-35050.exe
PID 4612 wrote to memory of 3676	4612	AppDataÁUnicorn-6162.exe	AdminÁUnicorn-35050.exe
PID 4812 wrote to memory of 1196	4812	LocalÁUnicorn-20874.exe	AppDataÁUnicorn-61562.exe
PID 4812 wrote to memory of 1196	4812	LocalÁUnicorn-20874.exe	AppDataÁUnicorn-61562.exe
PID 4812 wrote to memory of 1196	4812	LocalÁUnicorn-20874.exe	AppDataÁUnicorn-61562.exe
PID 4084 wrote to memory of 1036	4084	UsersÁUnicorn-9865.exe	ÁUnicorn-61459.exe
PID 4084 wrote to memory of 1036	4084	UsersÁUnicorn-9865.exe	ÁUnicorn-61459.exe
PID 4084 wrote to memory of 1036	4084	UsersÁUnicorn-9865.exe	ÁUnicorn-61459.exe
PID 3936 wrote to memory of 3068	3936	AdminÁUnicorn-24554.exe	UsersÁUnicorn-64593.exe
PID 3936 wrote to memory of 3068	3936	AdminÁUnicorn-24554.exe	UsersÁUnicorn-64593.exe
PID 3936 wrote to memory of 3068	3936	AdminÁUnicorn-24554.exe	UsersÁUnicorn-64593.exe
PID 3396 wrote to memory of 4900	3396	AdminÁUnicorn-23571.exe	UsersÁUnicorn-20266.exe

C:\Users\Admin\AppData\Local\Temp\ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe
"C:\Users\Admin\AppData\Local\Temp\ac0bff2b3609e43eeefaa1c29197ebd3aa1243ec4f4baae52422aac122cfdc84.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5064

C:\Users\Admin\AppData\Local\TempÁUnicorn-36973.exe
C:\Users\Admin\AppData\Local\TempÁUnicorn-36973.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344

C:\Users\Admin\AppData\LocalÁUnicorn-55149.exe
C:\Users\Admin\AppData\LocalÁUnicorn-55149.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536

C:\Users\Admin\AppDataÁUnicorn-35757.exe
C:\Users\Admin\AppDataÁUnicorn-35757.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2796

C:\Users\AdminÁUnicorn-24554.exe
C:\Users\AdminÁUnicorn-24554.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3936

C:\UsersÁUnicorn-9865.exe
C:\UsersÁUnicorn-9865.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4084

C:\ÁUnicorn-61459.exe
C:\ÁUnicorn-61459.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\ÁUnicorn-16237.exe
C:\ÁUnicorn-16237.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\ÁUnicorn-59667.exe
C:\ÁUnicorn-59667.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4648

C:\ÁUnicorn-51274.exe
C:\ÁUnicorn-51274.exe
10⤵
PID:2412

C:\ÁUnicorn-44845.exe
C:\ÁUnicorn-44845.exe
11⤵
PID:5244

C:\ÁUnicorn-1641.exe
C:\ÁUnicorn-1641.exe
12⤵
PID:1996

C:\ÁUnicorn-40397.exe
C:\ÁUnicorn-40397.exe
13⤵
PID:3936

C:\ÁUnicorn-17651.exe
C:\ÁUnicorn-17651.exe
9⤵
PID:4604

C:\ÁUnicorn-6028.exe
C:\ÁUnicorn-6028.exe
10⤵
PID:5628

C:\ÁUnicorn-17101.exe
C:\ÁUnicorn-17101.exe
11⤵
PID:2920

C:\ÁUnicorn-17709.exe
C:\ÁUnicorn-17709.exe
12⤵
PID:780

C:\ÁUnicorn-18413.exe
C:\ÁUnicorn-18413.exe
13⤵
PID:4584

C:\ÁUnicorn-31338.exe
C:\ÁUnicorn-31338.exe
14⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 740
9⤵
- Program crash
PID:5536

C:\ÁUnicorn-41939.exe
C:\ÁUnicorn-41939.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\ÁUnicorn-17424.exe
C:\ÁUnicorn-17424.exe
9⤵
PID:4084

C:\ÁUnicorn-58384.exe
C:\ÁUnicorn-58384.exe
10⤵
PID:1928

C:\ÁUnicorn-3468.exe
C:\ÁUnicorn-3468.exe
11⤵
PID:6132

C:\ÁUnicorn-46954.exe
C:\ÁUnicorn-46954.exe
12⤵
PID:6024

C:\ÁUnicorn-35533.exe
C:\ÁUnicorn-35533.exe
13⤵
PID:5860

C:\ÁUnicorn-19818.exe
C:\ÁUnicorn-19818.exe
14⤵
PID:2932

C:\ÁUnicorn-43757.exe
C:\ÁUnicorn-43757.exe
15⤵
PID:1932

C:\ÁUnicorn-41799.exe
C:\ÁUnicorn-41799.exe
16⤵
PID:5588

C:\ÁUnicorn-44615.exe
C:\ÁUnicorn-44615.exe
17⤵
PID:6600

C:\ÁUnicorn-60161.exe
C:\ÁUnicorn-60161.exe
18⤵
PID:6240

C:\ÁUnicorn-34852.exe
C:\ÁUnicorn-34852.exe
19⤵
PID:7936

C:\ÁUnicorn-11939.exe
C:\ÁUnicorn-11939.exe
20⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 636
18⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 744
17⤵
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 648
16⤵
- Program crash
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 744
15⤵
- Program crash
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 736
8⤵
- Program crash
PID:1196

C:\ÁUnicorn-14160.exe
C:\ÁUnicorn-14160.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\ÁUnicorn-47498.exe
C:\ÁUnicorn-47498.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\ÁUnicorn-6380.exe
C:\ÁUnicorn-6380.exe
9⤵
PID:3988

C:\ÁUnicorn-16714.exe
C:\ÁUnicorn-16714.exe
10⤵
PID:5844

C:\ÁUnicorn-28653.exe
C:\ÁUnicorn-28653.exe
11⤵
PID:5072

C:\ÁUnicorn-49834.exe
C:\ÁUnicorn-49834.exe
12⤵
PID:5360

C:\ÁUnicorn-556.exe
C:\ÁUnicorn-556.exe
13⤵
PID:5368

C:\ÁUnicorn-50324.exe
C:\ÁUnicorn-50324.exe
8⤵
PID:544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 724
7⤵
- Program crash
PID:2376

C:\UsersÁUnicorn-64593.exe
C:\UsersÁUnicorn-64593.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\ÁUnicorn-17005.exe
C:\ÁUnicorn-17005.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5072

C:\ÁUnicorn-5609.exe
C:\ÁUnicorn-5609.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\ÁUnicorn-22032.exe
C:\ÁUnicorn-22032.exe
9⤵
PID:3296

C:\ÁUnicorn-42102.exe
C:\ÁUnicorn-42102.exe
10⤵
PID:2900

C:\ÁUnicorn-62641.exe
C:\ÁUnicorn-62641.exe
11⤵
PID:2160

C:\ÁUnicorn-19306.exe
C:\ÁUnicorn-19306.exe
12⤵
PID:1064

C:\ÁUnicorn-43917.exe
C:\ÁUnicorn-43917.exe
13⤵
PID:5364

C:\ÁUnicorn-18573.exe
C:\ÁUnicorn-18573.exe
14⤵
PID:748

C:\ÁUnicorn-64103.exe
C:\ÁUnicorn-64103.exe
15⤵
PID:5860

C:\ÁUnicorn-27268.exe
C:\ÁUnicorn-27268.exe
16⤵
PID:5080

C:\ÁUnicorn-45735.exe
C:\ÁUnicorn-45735.exe
17⤵
PID:6464

C:\ÁUnicorn-50503.exe
C:\ÁUnicorn-50503.exe
18⤵
PID:7760

C:\ÁUnicorn-26282.exe
C:\ÁUnicorn-26282.exe
19⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 692
16⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 660
15⤵
PID:6460

C:\ÁUnicorn-54260.exe
C:\ÁUnicorn-54260.exe
13⤵
PID:5900

C:\ÁUnicorn-4547.exe
C:\ÁUnicorn-4547.exe
14⤵
PID:5352

C:\ÁUnicorn-14307.exe
C:\ÁUnicorn-14307.exe
15⤵
PID:3984

C:\ÁUnicorn-451.exe
C:\ÁUnicorn-451.exe
16⤵
PID:8284

C:\ÁUnicorn-64487.exe
C:\ÁUnicorn-64487.exe
17⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 740
14⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 748
13⤵
- Program crash
PID:6208

C:\ÁUnicorn-720.exe
C:\ÁUnicorn-720.exe
12⤵
PID:2668

C:\ÁUnicorn-64839.exe
C:\ÁUnicorn-64839.exe
13⤵
PID:2692

C:\ÁUnicorn-19815.exe
C:\ÁUnicorn-19815.exe
14⤵
PID:3960

C:\ÁUnicorn-55428.exe
C:\ÁUnicorn-55428.exe
15⤵
PID:3376

C:\ÁUnicorn-1219.exe
C:\ÁUnicorn-1219.exe
16⤵
PID:8348

C:\ÁUnicorn-17191.exe
C:\ÁUnicorn-17191.exe
17⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 612
15⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 632
14⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 724
13⤵
- Program crash
PID:6328

C:\ÁUnicorn-50324.exe
C:\ÁUnicorn-50324.exe
8⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 740
8⤵
- Program crash
PID:2256

C:\ÁUnicorn-18992.exe
C:\ÁUnicorn-18992.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4656

C:\ÁUnicorn-22032.exe
C:\ÁUnicorn-22032.exe
8⤵
PID:4572

C:\ÁUnicorn-16714.exe
C:\ÁUnicorn-16714.exe
9⤵
PID:5908

C:\ÁUnicorn-24621.exe
C:\ÁUnicorn-24621.exe
10⤵
PID:5840

C:\ÁUnicorn-51661.exe
C:\ÁUnicorn-51661.exe
11⤵
PID:3676

C:\ÁUnicorn-46989.exe
C:\ÁUnicorn-46989.exe
12⤵
PID:6092

C:\ÁUnicorn-24717.exe
C:\ÁUnicorn-24717.exe
13⤵
PID:5444

C:\ÁUnicorn-63428.exe
C:\ÁUnicorn-63428.exe
14⤵
PID:3912

C:\ÁUnicorn-58564.exe
C:\ÁUnicorn-58564.exe
15⤵
PID:6644

C:\ÁUnicorn-11043.exe
C:\ÁUnicorn-11043.exe
16⤵
PID:4840

C:\ÁUnicorn-49735.exe
C:\ÁUnicorn-49735.exe
17⤵
PID:6476

C:\ÁUnicorn-51300.exe
C:\ÁUnicorn-51300.exe
18⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 736
16⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 660
15⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 664
14⤵
- Program crash
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 752
7⤵
- Program crash
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 756
6⤵
- Program crash
PID:3176

C:\Users\AdminÁUnicorn-5843.exe
C:\Users\AdminÁUnicorn-5843.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3780

C:\UsersÁUnicorn-10281.exe
C:\UsersÁUnicorn-10281.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\ÁUnicorn-17898.exe
C:\ÁUnicorn-17898.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4256

C:\ÁUnicorn-13388.exe
C:\ÁUnicorn-13388.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\ÁUnicorn-17258.exe
C:\ÁUnicorn-17258.exe
9⤵
PID:5456

C:\ÁUnicorn-45328.exe
C:\ÁUnicorn-45328.exe
10⤵
PID:6108

C:\ÁUnicorn-28653.exe
C:\ÁUnicorn-28653.exe
11⤵
PID:4880

C:\ÁUnicorn-54157.exe
C:\ÁUnicorn-54157.exe
12⤵
PID:5636

C:\ÁUnicorn-54135.exe
C:\ÁUnicorn-54135.exe
13⤵
PID:2068

C:\ÁUnicorn-10371.exe
C:\ÁUnicorn-10371.exe
14⤵
PID:2832

C:\ÁUnicorn-58564.exe
C:\ÁUnicorn-58564.exe
15⤵
PID:6552

C:\ÁUnicorn-58625.exe
C:\ÁUnicorn-58625.exe
16⤵
PID:368

C:\ÁUnicorn-2755.exe
C:\ÁUnicorn-2755.exe
17⤵
PID:8180

C:\ÁUnicorn-60647.exe
C:\ÁUnicorn-60647.exe
18⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 636
16⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 636
15⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 712
9⤵
- Program crash
PID:5712

C:\ÁUnicorn-46484.exe
C:\ÁUnicorn-46484.exe
8⤵
PID:5548

C:\ÁUnicorn-17482.exe
C:\ÁUnicorn-17482.exe
9⤵
PID:3828

C:\ÁUnicorn-37994.exe
C:\ÁUnicorn-37994.exe
10⤵
PID:5100

C:\ÁUnicorn-13363.exe
C:\ÁUnicorn-13363.exe
11⤵
PID:3932

C:\ÁUnicorn-35277.exe
C:\ÁUnicorn-35277.exe
12⤵
PID:2788

C:\ÁUnicorn-41985.exe
C:\ÁUnicorn-41985.exe
13⤵
PID:4564

C:\ÁUnicorn-64513.exe
C:\ÁUnicorn-64513.exe
14⤵
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 636
15⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 664
14⤵
PID:7316

C:\ÁUnicorn-26579.exe
C:\ÁUnicorn-26579.exe
7⤵
- Executes dropped EXE
PID:3928

C:\ÁUnicorn-15529.exe
C:\ÁUnicorn-15529.exe
8⤵
PID:5580

C:\ÁUnicorn-45328.exe
C:\ÁUnicorn-45328.exe
9⤵
PID:6072

C:\ÁUnicorn-13385.exe
C:\ÁUnicorn-13385.exe
10⤵
PID:2924

C:\ÁUnicorn-208.exe
C:\ÁUnicorn-208.exe
11⤵
PID:1036

C:\ÁUnicorn-33165.exe
C:\ÁUnicorn-33165.exe
12⤵
PID:5468

C:\ÁUnicorn-17805.exe
C:\ÁUnicorn-17805.exe
13⤵
PID:2704

C:\ÁUnicorn-16231.exe
C:\ÁUnicorn-16231.exe
14⤵
PID:3096

C:\ÁUnicorn-44615.exe
C:\ÁUnicorn-44615.exe
15⤵
PID:6608

C:\ÁUnicorn-60929.exe
C:\ÁUnicorn-60929.exe
16⤵
PID:3208

C:\ÁUnicorn-34852.exe
C:\ÁUnicorn-34852.exe
17⤵
PID:7360

C:\ÁUnicorn-41892.exe
C:\ÁUnicorn-41892.exe
18⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 660
16⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 656
15⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 640
14⤵
- Program crash
PID:4544

C:\ÁUnicorn-39542.exe
C:\ÁUnicorn-39542.exe
12⤵
PID:6072

C:\ÁUnicorn-21159.exe
C:\ÁUnicorn-21159.exe
13⤵
PID:5500

C:\ÁUnicorn-20778.exe
C:\ÁUnicorn-20778.exe
14⤵
PID:5496

C:\ÁUnicorn-50503.exe
C:\ÁUnicorn-50503.exe
15⤵
PID:7496

C:\ÁUnicorn-14077.exe
C:\ÁUnicorn-14077.exe
16⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 656
14⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 732
13⤵
PID:7236

C:\UsersÁUnicorn-46356.exe
C:\UsersÁUnicorn-46356.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3140

C:\ÁUnicorn-44307.exe
C:\ÁUnicorn-44307.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\ÁUnicorn-33485.exe
C:\ÁUnicorn-33485.exe
8⤵
PID:5492

C:\ÁUnicorn-15177.exe
C:\ÁUnicorn-15177.exe
9⤵
PID:5124

C:\ÁUnicorn-13385.exe
C:\ÁUnicorn-13385.exe
10⤵
PID:948

C:\ÁUnicorn-38506.exe
C:\ÁUnicorn-38506.exe
11⤵
PID:632

C:\ÁUnicorn-51597.exe
C:\ÁUnicorn-51597.exe
12⤵
PID:3304

C:\ÁUnicorn-9231.exe
C:\ÁUnicorn-9231.exe
13⤵
PID:2480

C:\ÁUnicorn-25447.exe
C:\ÁUnicorn-25447.exe
14⤵
PID:5096

C:\ÁUnicorn-40676.exe
C:\ÁUnicorn-40676.exe
15⤵
PID:4980

C:\ÁUnicorn-25060.exe
C:\ÁUnicorn-25060.exe
16⤵
PID:6540

C:\ÁUnicorn-19527.exe
C:\ÁUnicorn-19527.exe
17⤵
PID:6404

C:\ÁUnicorn-36388.exe
C:\ÁUnicorn-36388.exe
18⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 664
16⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 636
15⤵
PID:4400

C:\ÁUnicorn-4851.exe
C:\ÁUnicorn-4851.exe
12⤵
PID:4808

C:\ÁUnicorn-56391.exe
C:\ÁUnicorn-56391.exe
13⤵
PID:5380

C:\ÁUnicorn-18689.exe
C:\ÁUnicorn-18689.exe
14⤵
PID:6436

C:\ÁUnicorn-18916.exe
C:\ÁUnicorn-18916.exe
15⤵
PID:7012

C:\ÁUnicorn-34084.exe
C:\ÁUnicorn-34084.exe
16⤵
PID:8384

C:\ÁUnicorn-13286.exe
C:\ÁUnicorn-13286.exe
17⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 740
15⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 752
13⤵
- Program crash
PID:6496

C:\ÁUnicorn-46484.exe
C:\ÁUnicorn-46484.exe
7⤵
PID:5540

C:\ÁUnicorn-50346.exe
C:\ÁUnicorn-50346.exe
8⤵
PID:5452

C:\ÁUnicorn-62093.exe
C:\ÁUnicorn-62093.exe
9⤵
PID:2352

C:\ÁUnicorn-18413.exe
C:\ÁUnicorn-18413.exe
10⤵
PID:5248

C:\ÁUnicorn-11244.exe
C:\ÁUnicorn-11244.exe
11⤵
PID:5772

C:\ÁUnicorn-5866.exe
C:\ÁUnicorn-5866.exe
12⤵
PID:4388

C:\ÁUnicorn-61799.exe
C:\ÁUnicorn-61799.exe
13⤵
PID:3384

C:\ÁUnicorn-53892.exe
C:\ÁUnicorn-53892.exe
14⤵
PID:2164

C:\ÁUnicorn-39812.exe
C:\ÁUnicorn-39812.exe
15⤵
PID:5956

C:\ÁUnicorn-17665.exe
C:\ÁUnicorn-17665.exe
16⤵
PID:7704

C:\ÁUnicorn-13862.exe
C:\ÁUnicorn-13862.exe
17⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 664
15⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 612
14⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 612
14⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 636
13⤵
PID:7276

C:\ÁUnicorn-30803.exe
C:\ÁUnicorn-30803.exe
11⤵
PID:3480

C:\ÁUnicorn-37604.exe
C:\ÁUnicorn-37604.exe
12⤵
PID:4820

C:\ÁUnicorn-62631.exe
C:\ÁUnicorn-62631.exe
13⤵
PID:6004

C:\ÁUnicorn-27649.exe
C:\ÁUnicorn-27649.exe
14⤵
PID:7808

C:\ÁUnicorn-33022.exe
C:\ÁUnicorn-33022.exe
15⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 628
13⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 720
12⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 636
11⤵
- Program crash
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 748
6⤵
- Program crash
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 720
5⤵
- Program crash
PID:1204

C:\Users\Admin\AppDataÁUnicorn-53012.exe
C:\Users\Admin\AppDataÁUnicorn-53012.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3928

C:\Users\AdminÁUnicorn-23571.exe
C:\Users\AdminÁUnicorn-23571.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3396

C:\UsersÁUnicorn-20266.exe
C:\UsersÁUnicorn-20266.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4900

C:\ÁUnicorn-393.exe
C:\ÁUnicorn-393.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3372

C:\ÁUnicorn-35193.exe
C:\ÁUnicorn-35193.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:428

C:\ÁUnicorn-14953.exe
C:\ÁUnicorn-14953.exe
8⤵
PID:5404

C:\ÁUnicorn-16714.exe
C:\ÁUnicorn-16714.exe
9⤵
PID:1324

C:\ÁUnicorn-44714.exe
C:\ÁUnicorn-44714.exe
10⤵
PID:2744

C:\ÁUnicorn-2252.exe
C:\ÁUnicorn-2252.exe
11⤵
PID:2080

C:\ÁUnicorn-47245.exe
C:\ÁUnicorn-47245.exe
12⤵
PID:5548

C:\ÁUnicorn-26896.exe
C:\ÁUnicorn-26896.exe
13⤵
PID:5908

C:\ÁUnicorn-9641.exe
C:\ÁUnicorn-9641.exe
14⤵
PID:1912

C:\ÁUnicorn-57476.exe
C:\ÁUnicorn-57476.exe
15⤵
PID:2092

C:\ÁUnicorn-58564.exe
C:\ÁUnicorn-58564.exe
16⤵
PID:6636

C:\ÁUnicorn-60929.exe
C:\ÁUnicorn-60929.exe
17⤵
PID:3588

C:\ÁUnicorn-16295.exe
C:\ÁUnicorn-16295.exe
18⤵
PID:8324

C:\ÁUnicorn-40100.exe
C:\ÁUnicorn-40100.exe
19⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 596
17⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 636
16⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 636
15⤵
- Program crash
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 632
9⤵
- Program crash
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 764
7⤵
- Program crash
PID:5172

C:\UsersÁUnicorn-19635.exe
C:\UsersÁUnicorn-19635.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3292

C:\ÁUnicorn-38282.exe
C:\ÁUnicorn-38282.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3996

C:\ÁUnicorn-30413.exe
C:\ÁUnicorn-30413.exe
8⤵
PID:5292

C:\ÁUnicorn-58129.exe
C:\ÁUnicorn-58129.exe
7⤵
PID:5360

C:\ÁUnicorn-47632.exe
C:\ÁUnicorn-47632.exe
8⤵
PID:5860

C:\ÁUnicorn-35565.exe
C:\ÁUnicorn-35565.exe
9⤵
PID:5764

C:\ÁUnicorn-6092.exe
C:\ÁUnicorn-6092.exe
10⤵
PID:5484

C:\ÁUnicorn-47245.exe
C:\ÁUnicorn-47245.exe
11⤵
PID:4572

C:\ÁUnicorn-8691.exe
C:\ÁUnicorn-8691.exe
12⤵
PID:4612

C:\ÁUnicorn-10371.exe
C:\ÁUnicorn-10371.exe
13⤵
PID:4004

C:\ÁUnicorn-40676.exe
C:\ÁUnicorn-40676.exe
14⤵
PID:6232

C:\ÁUnicorn-40519.exe
C:\ÁUnicorn-40519.exe
15⤵
PID:184

C:\ÁUnicorn-39812.exe
C:\ÁUnicorn-39812.exe
16⤵
PID:5216

C:\ÁUnicorn-13453.exe
C:\ÁUnicorn-13453.exe
17⤵
PID:6568

C:\ÁUnicorn-13862.exe
C:\ÁUnicorn-13862.exe
18⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 636
15⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 628
14⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 652
13⤵
- Program crash
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 716
6⤵
- Program crash
PID:1356

C:\Users\AdminÁUnicorn-30768.exe
C:\Users\AdminÁUnicorn-30768.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\UsersÁUnicorn-6828.exe
C:\UsersÁUnicorn-6828.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3912

C:\ÁUnicorn-8681.exe
C:\ÁUnicorn-8681.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\ÁUnicorn-30413.exe
C:\ÁUnicorn-30413.exe
8⤵
PID:5300

C:\ÁUnicorn-58321.exe
C:\ÁUnicorn-58321.exe
7⤵
PID:5380

C:\ÁUnicorn-16714.exe
C:\ÁUnicorn-16714.exe
8⤵
PID:1196

C:\ÁUnicorn-28653.exe
C:\ÁUnicorn-28653.exe
9⤵
PID:3480

C:\ÁUnicorn-52621.exe
C:\ÁUnicorn-52621.exe
10⤵
PID:2236

C:\ÁUnicorn-31338.exe
C:\ÁUnicorn-31338.exe
11⤵
PID:1772

C:\ÁUnicorn-55505.exe
C:\ÁUnicorn-55505.exe
11⤵
PID:788

C:\ÁUnicorn-7590.exe
C:\ÁUnicorn-7590.exe
12⤵
PID:5524

C:\ÁUnicorn-29674.exe
C:\ÁUnicorn-29674.exe
13⤵
PID:7160

C:\ÁUnicorn-59559.exe
C:\ÁUnicorn-59559.exe
14⤵
PID:680

C:\ÁUnicorn-50503.exe
C:\ÁUnicorn-50503.exe
15⤵
PID:7764

C:\ÁUnicorn-22884.exe
C:\ÁUnicorn-22884.exe
16⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 608
14⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 640
13⤵
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 640
13⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 636
12⤵
- Program crash
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 636
12⤵
- Program crash
PID:516

C:\UsersÁUnicorn-37139.exe
C:\UsersÁUnicorn-37139.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5016

C:\ÁUnicorn-30605.exe
C:\ÁUnicorn-30605.exe
7⤵
PID:5332

C:\ÁUnicorn-47466.exe
C:\ÁUnicorn-47466.exe
8⤵
PID:6136

C:\ÁUnicorn-53930.exe
C:\ÁUnicorn-53930.exe
9⤵
PID:2788

C:\ÁUnicorn-51562.exe
C:\ÁUnicorn-51562.exe
10⤵
PID:5164

C:\ÁUnicorn-64074.exe
C:\ÁUnicorn-64074.exe
11⤵
PID:1208

C:\ÁUnicorn-8691.exe
C:\ÁUnicorn-8691.exe
12⤵
PID:2428

C:\ÁUnicorn-10947.exe
C:\ÁUnicorn-10947.exe
13⤵
PID:5692

C:\ÁUnicorn-29674.exe
C:\ÁUnicorn-29674.exe
14⤵
PID:7144

C:\ÁUnicorn-20493.exe
C:\ÁUnicorn-20493.exe
15⤵
PID:6012

C:\ÁUnicorn-23492.exe
C:\ÁUnicorn-23492.exe
16⤵
PID:6948

C:\ÁUnicorn-45895.exe
C:\ÁUnicorn-45895.exe
17⤵
PID:7456

C:\ÁUnicorn-64683.exe
C:\ÁUnicorn-64683.exe
16⤵
PID:8852

C:\ÁUnicorn-13862.exe
C:\ÁUnicorn-13862.exe
17⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 636
14⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 656
13⤵
- Program crash
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 652
12⤵
- Program crash
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 740
6⤵
- Program crash
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 740
5⤵
- Program crash
PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 728
4⤵
- Program crash
PID:4436

C:\Users\Admin\AppData\LocalÁUnicorn-1008.exe
C:\Users\Admin\AppData\LocalÁUnicorn-1008.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3184

C:\Users\Admin\AppDataÁUnicorn-8108.exe
C:\Users\Admin\AppDataÁUnicorn-8108.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\AdminÁUnicorn-34282.exe
C:\Users\AdminÁUnicorn-34282.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3988

C:\UsersÁUnicorn-58797.exe
C:\UsersÁUnicorn-58797.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\ÁUnicorn-49802.exe
C:\ÁUnicorn-49802.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4156

C:\ÁUnicorn-50285.exe
C:\ÁUnicorn-50285.exe
8⤵
PID:4160

C:\ÁUnicorn-17549.exe
C:\ÁUnicorn-17549.exe
9⤵
PID:5884

C:\ÁUnicorn-18579.exe
C:\ÁUnicorn-18579.exe
10⤵
PID:4592

C:\ÁUnicorn-52906.exe
C:\ÁUnicorn-52906.exe
11⤵
PID:4428

C:\ÁUnicorn-14380.exe
C:\ÁUnicorn-14380.exe
12⤵
PID:1192

C:\ÁUnicorn-8691.exe
C:\ÁUnicorn-8691.exe
13⤵
PID:5220

C:\ÁUnicorn-10371.exe
C:\ÁUnicorn-10371.exe
14⤵
PID:5972

C:\ÁUnicorn-2378.exe
C:\ÁUnicorn-2378.exe
15⤵
PID:6892

C:\ÁUnicorn-20327.exe
C:\ÁUnicorn-20327.exe
16⤵
PID:2900

C:\ÁUnicorn-35044.exe
C:\ÁUnicorn-35044.exe
17⤵
PID:8096

C:\ÁUnicorn-22692.exe
C:\ÁUnicorn-22692.exe
18⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 728
16⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 608
15⤵
PID:2260

C:\ÁUnicorn-45943.exe
C:\ÁUnicorn-45943.exe
9⤵
PID:5076

C:\ÁUnicorn-28653.exe
C:\ÁUnicorn-28653.exe
10⤵
PID:3908

C:\ÁUnicorn-33005.exe
C:\ÁUnicorn-33005.exe
11⤵
PID:2100

C:\ÁUnicorn-13008.exe
C:\ÁUnicorn-13008.exe
12⤵
PID:5320

C:\ÁUnicorn-783.exe
C:\ÁUnicorn-783.exe
13⤵
PID:548

C:\ÁUnicorn-64103.exe
C:\ÁUnicorn-64103.exe
14⤵
PID:4420

C:\ÁUnicorn-21220.exe
C:\ÁUnicorn-21220.exe
15⤵
PID:6848

C:\ÁUnicorn-59905.exe
C:\ÁUnicorn-59905.exe
16⤵
PID:5140

C:\ÁUnicorn-15526.exe
C:\ÁUnicorn-15526.exe
17⤵
PID:7996

C:\ÁUnicorn-17191.exe
C:\ÁUnicorn-17191.exe
18⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 664
15⤵
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 740
14⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 740
14⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 636
10⤵
- Program crash
PID:5904

C:\ÁUnicorn-61492.exe
C:\ÁUnicorn-61492.exe
8⤵
PID:5968

C:\ÁUnicorn-45930.exe
C:\ÁUnicorn-45930.exe
9⤵
PID:5920

C:\ÁUnicorn-28653.exe
C:\ÁUnicorn-28653.exe
10⤵
PID:6048

C:\ÁUnicorn-60301.exe
C:\ÁUnicorn-60301.exe
11⤵
PID:2300

C:\ÁUnicorn-13008.exe
C:\ÁUnicorn-13008.exe
12⤵
PID:5868

C:\ÁUnicorn-31818.exe
C:\ÁUnicorn-31818.exe
13⤵
PID:2996

C:\ÁUnicorn-62375.exe
C:\ÁUnicorn-62375.exe
14⤵
PID:6044

C:\ÁUnicorn-38049.exe
C:\ÁUnicorn-38049.exe
15⤵
PID:6524

C:\ÁUnicorn-2947.exe
C:\ÁUnicorn-2947.exe
16⤵
PID:8332

C:\ÁUnicorn-26282.exe
C:\ÁUnicorn-26282.exe
17⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 664
15⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 656
14⤵
PID:7204

C:\ÁUnicorn-22547.exe
C:\ÁUnicorn-22547.exe
7⤵
PID:3388

C:\ÁUnicorn-3599.exe
C:\ÁUnicorn-3599.exe
8⤵
PID:6124

C:\ÁUnicorn-33939.exe
C:\ÁUnicorn-33939.exe
8⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 720
7⤵
- Program crash
PID:5100

C:\UsersÁUnicorn-43641.exe
C:\UsersÁUnicorn-43641.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3600

C:\ÁUnicorn-41837.exe
C:\ÁUnicorn-41837.exe
7⤵
PID:5040

C:\ÁUnicorn-361.exe
C:\ÁUnicorn-361.exe
8⤵
PID:6000

C:\ÁUnicorn-61581.exe
C:\ÁUnicorn-61581.exe
9⤵
PID:3208

C:\ÁUnicorn-46442.exe
C:\ÁUnicorn-46442.exe
10⤵
PID:4336

C:\ÁUnicorn-49834.exe
C:\ÁUnicorn-49834.exe
11⤵
PID:5372

C:\ÁUnicorn-18538.exe
C:\ÁUnicorn-18538.exe
12⤵
PID:5924

C:\ÁUnicorn-35277.exe
C:\ÁUnicorn-35277.exe
13⤵
PID:4336

C:\ÁUnicorn-10371.exe
C:\ÁUnicorn-10371.exe
14⤵
PID:4320

C:\ÁUnicorn-40676.exe
C:\ÁUnicorn-40676.exe
15⤵
PID:3872

C:\ÁUnicorn-53892.exe
C:\ÁUnicorn-53892.exe
16⤵
PID:6656

C:\ÁUnicorn-49153.exe
C:\ÁUnicorn-49153.exe
17⤵
PID:7136

C:\ÁUnicorn-13453.exe
C:\ÁUnicorn-13453.exe
18⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 648
17⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 648
16⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 724
15⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 664
12⤵
- Program crash
PID:5492

C:\ÁUnicorn-10416.exe
C:\ÁUnicorn-10416.exe
8⤵
PID:4420

C:\ÁUnicorn-51341.exe
C:\ÁUnicorn-51341.exe
9⤵
PID:5304

C:\ÁUnicorn-16877.exe
C:\ÁUnicorn-16877.exe
10⤵
PID:5596

C:\ÁUnicorn-56301.exe
C:\ÁUnicorn-56301.exe
11⤵
PID:5828

C:\ÁUnicorn-53066.exe
C:\ÁUnicorn-53066.exe
12⤵
PID:5516

C:\ÁUnicorn-41383.exe
C:\ÁUnicorn-41383.exe
13⤵
PID:780

C:\ÁUnicorn-40676.exe
C:\ÁUnicorn-40676.exe
14⤵
PID:6188

C:\ÁUnicorn-166.exe
C:\ÁUnicorn-166.exe
15⤵
PID:7088

C:\ÁUnicorn-7715.exe
C:\ÁUnicorn-7715.exe
16⤵
PID:6016

C:\ÁUnicorn-52039.exe
C:\ÁUnicorn-52039.exe
17⤵
PID:8672

C:\ÁUnicorn-64487.exe
C:\ÁUnicorn-64487.exe
18⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 616
16⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 728
15⤵
PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 724
14⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 724
14⤵
PID:8904

C:\ÁUnicorn-32586.exe
C:\ÁUnicorn-32586.exe
12⤵
PID:5704

C:\ÁUnicorn-61649.exe
C:\ÁUnicorn-61649.exe
11⤵
PID:2616

C:\ÁUnicorn-19396.exe
C:\ÁUnicorn-19396.exe
12⤵
PID:432

C:\ÁUnicorn-13997.exe
C:\ÁUnicorn-13997.exe
13⤵
PID:6712

C:\ÁUnicorn-18916.exe
C:\ÁUnicorn-18916.exe
14⤵
PID:5624

C:\ÁUnicorn-2755.exe
C:\ÁUnicorn-2755.exe
15⤵
PID:8164

C:\ÁUnicorn-22692.exe
C:\ÁUnicorn-22692.exe
16⤵
PID:9016

C:\ÁUnicorn-31844.exe
C:\ÁUnicorn-31844.exe
17⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 644
13⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 636
7⤵
- Program crash
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 640
6⤵
- Program crash
PID:1736

C:\Users\AdminÁUnicorn-53841.exe
C:\Users\AdminÁUnicorn-53841.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4592

C:\UsersÁUnicorn-50570.exe
C:\UsersÁUnicorn-50570.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\ÁUnicorn-59434.exe
C:\ÁUnicorn-59434.exe
7⤵
PID:3676

C:\ÁUnicorn-527.exe
C:\ÁUnicorn-527.exe
8⤵
PID:5928

C:\ÁUnicorn-1843.exe
C:\ÁUnicorn-1843.exe
8⤵
PID:6116

C:\ÁUnicorn-24938.exe
C:\ÁUnicorn-24938.exe
9⤵
PID:2296

C:\ÁUnicorn-51661.exe
C:\ÁUnicorn-51661.exe
10⤵
PID:5180

C:\ÁUnicorn-46989.exe
C:\ÁUnicorn-46989.exe
11⤵
PID:4820

C:\ÁUnicorn-57389.exe
C:\ÁUnicorn-57389.exe
12⤵
PID:5140

C:\ÁUnicorn-43812.exe
C:\ÁUnicorn-43812.exe
13⤵
PID:6056

C:\ÁUnicorn-40676.exe
C:\ÁUnicorn-40676.exe
14⤵
PID:1844

C:\ÁUnicorn-54660.exe
C:\ÁUnicorn-54660.exe
15⤵
PID:412

C:\ÁUnicorn-16295.exe
C:\ÁUnicorn-16295.exe
16⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 648
15⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 636
14⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 636
14⤵
PID:8016

C:\ÁUnicorn-6832.exe
C:\ÁUnicorn-6832.exe
7⤵
PID:2304

C:\ÁUnicorn-20298.exe
C:\ÁUnicorn-20298.exe
8⤵
PID:5928

C:\ÁUnicorn-32237.exe
C:\ÁUnicorn-32237.exe
9⤵
PID:4932

C:\ÁUnicorn-13008.exe
C:\ÁUnicorn-13008.exe
10⤵
PID:6128

C:\ÁUnicorn-783.exe
C:\ÁUnicorn-783.exe
11⤵
PID:5528

C:\ÁUnicorn-23297.exe
C:\ÁUnicorn-23297.exe
12⤵
PID:1960

C:\ÁUnicorn-20778.exe
C:\ÁUnicorn-20778.exe
13⤵
PID:6344

C:\ÁUnicorn-2755.exe
C:\ÁUnicorn-2755.exe
14⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 648
12⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 748
7⤵
- Program crash
PID:824

C:\UsersÁUnicorn-40336.exe
C:\UsersÁUnicorn-40336.exe
6⤵
PID:1108

C:\ÁUnicorn-29904.exe
C:\ÁUnicorn-29904.exe
7⤵
PID:5992

C:\ÁUnicorn-28653.exe
C:\ÁUnicorn-28653.exe
8⤵
PID:4648

C:\ÁUnicorn-47888.exe
C:\ÁUnicorn-47888.exe
9⤵
PID:4864

C:\ÁUnicorn-13008.exe
C:\ÁUnicorn-13008.exe
10⤵
PID:4172

C:\ÁUnicorn-783.exe
C:\ÁUnicorn-783.exe
11⤵
PID:3828

C:\ÁUnicorn-46724.exe
C:\ÁUnicorn-46724.exe
12⤵
PID:228

C:\ÁUnicorn-30916.exe
C:\ÁUnicorn-30916.exe
13⤵
PID:6172

C:\ÁUnicorn-39812.exe
C:\ÁUnicorn-39812.exe
14⤵
PID:5428

C:\ÁUnicorn-16487.exe
C:\ÁUnicorn-16487.exe
15⤵
PID:8360

C:\ÁUnicorn-46535.exe
C:\ÁUnicorn-46535.exe
16⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 648
13⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 648
13⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 652
12⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 652
12⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 628
6⤵
- Program crash
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 716
5⤵
- Program crash
PID:3492

C:\Users\Admin\AppDataÁUnicorn-30643.exe
C:\Users\Admin\AppDataÁUnicorn-30643.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4932

C:\Users\AdminÁUnicorn-11049.exe
C:\Users\AdminÁUnicorn-11049.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\UsersÁUnicorn-12272.exe
C:\UsersÁUnicorn-12272.exe
6⤵
PID:4440

C:\ÁUnicorn-15722.exe
C:\ÁUnicorn-15722.exe
7⤵
PID:5596

C:\ÁUnicorn-58509.exe
C:\ÁUnicorn-58509.exe
8⤵
PID:5732

C:\ÁUnicorn-37994.exe
C:\ÁUnicorn-37994.exe
9⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 724
7⤵
- Program crash
PID:5512

C:\Users\AdminÁUnicorn-47482.exe
C:\Users\AdminÁUnicorn-47482.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3956

C:\UsersÁUnicorn-43539.exe
C:\UsersÁUnicorn-43539.exe
6⤵
PID:1208

C:\ÁUnicorn-61866.exe
C:\ÁUnicorn-61866.exe
7⤵
PID:5236

C:\ÁUnicorn-20298.exe
C:\ÁUnicorn-20298.exe
8⤵
PID:1356

C:\ÁUnicorn-32237.exe
C:\ÁUnicorn-32237.exe
9⤵
PID:5128

C:\ÁUnicorn-60564.exe
C:\ÁUnicorn-60564.exe
10⤵
PID:2532

C:\ÁUnicorn-15500.exe
C:\ÁUnicorn-15500.exe
11⤵
PID:5720

C:\ÁUnicorn-1155.exe
C:\ÁUnicorn-1155.exe
12⤵
PID:1888

C:\ÁUnicorn-58564.exe
C:\ÁUnicorn-58564.exe
13⤵
PID:6568

C:\ÁUnicorn-20327.exe
C:\ÁUnicorn-20327.exe
14⤵
PID:4956

C:\ÁUnicorn-49735.exe
C:\ÁUnicorn-49735.exe
15⤵
PID:7476

C:\ÁUnicorn-34087.exe
C:\ÁUnicorn-34087.exe
16⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 648
13⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 640
12⤵
- Program crash
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 640
10⤵
- Program crash
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 728
4⤵
- Program crash
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 720
3⤵
- Program crash
PID:3420

C:\Users\Admin\AppData\Local\TempÁUnicorn-52881.exe
C:\Users\Admin\AppData\Local\TempÁUnicorn-52881.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:988

C:\Users\Admin\AppData\LocalÁUnicorn-20874.exe
C:\Users\Admin\AppData\LocalÁUnicorn-20874.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4812

C:\Users\Admin\AppDataÁUnicorn-6162.exe
C:\Users\Admin\AppDataÁUnicorn-6162.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4612

C:\Users\AdminÁUnicorn-35050.exe
C:\Users\AdminÁUnicorn-35050.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3676

C:\UsersÁUnicorn-11049.exe
C:\UsersÁUnicorn-11049.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\ÁUnicorn-54218.exe
C:\ÁUnicorn-54218.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4100

C:\ÁUnicorn-43949.exe
C:\ÁUnicorn-43949.exe
8⤵
PID:3460

C:\ÁUnicorn-5779.exe
C:\ÁUnicorn-5779.exe
9⤵
PID:2396

C:\ÁUnicorn-28653.exe
C:\ÁUnicorn-28653.exe
10⤵
PID:1932

C:\ÁUnicorn-39440.exe
C:\ÁUnicorn-39440.exe
11⤵
PID:5864

C:\ÁUnicorn-18538.exe
C:\ÁUnicorn-18538.exe
12⤵
PID:5416

C:\ÁUnicorn-47223.exe
C:\ÁUnicorn-47223.exe
13⤵
PID:712

C:\ÁUnicorn-19815.exe
C:\ÁUnicorn-19815.exe
14⤵
PID:5732

C:\ÁUnicorn-768.exe
C:\ÁUnicorn-768.exe
15⤵
PID:6916

C:\ÁUnicorn-4934.exe
C:\ÁUnicorn-4934.exe
16⤵
PID:7372

C:\ÁUnicorn-21316.exe
C:\ÁUnicorn-21316.exe
17⤵
PID:4272

C:\ÁUnicorn-30884.exe
C:\ÁUnicorn-30884.exe
18⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 732
15⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 740
14⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 636
13⤵
- Program crash
PID:6248

C:\ÁUnicorn-19763.exe
C:\ÁUnicorn-19763.exe
7⤵
PID:4676

C:\ÁUnicorn-16714.exe
C:\ÁUnicorn-16714.exe
8⤵
PID:2936

C:\ÁUnicorn-37994.exe
C:\ÁUnicorn-37994.exe
9⤵
PID:3464

C:\ÁUnicorn-54925.exe
C:\ÁUnicorn-54925.exe
10⤵
PID:5848

C:\ÁUnicorn-13008.exe
C:\ÁUnicorn-13008.exe
11⤵
PID:5200

C:\ÁUnicorn-50669.exe
C:\ÁUnicorn-50669.exe
12⤵
PID:5552

C:\ÁUnicorn-6656.exe
C:\ÁUnicorn-6656.exe
13⤵
PID:5688

C:\ÁUnicorn-13027.exe
C:\ÁUnicorn-13027.exe
14⤵
PID:7032

C:\ÁUnicorn-20327.exe
C:\ÁUnicorn-20327.exe
15⤵
PID:2820

C:\ÁUnicorn-451.exe
C:\ÁUnicorn-451.exe
16⤵
PID:8476

C:\ÁUnicorn-41415.exe
C:\ÁUnicorn-41415.exe
17⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 744
14⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 624
13⤵
- Program crash
PID:5508

C:\UsersÁUnicorn-1680.exe
C:\UsersÁUnicorn-1680.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4424

C:\ÁUnicorn-43949.exe
C:\ÁUnicorn-43949.exe
7⤵
PID:2588

C:\Users\AdminÁUnicorn-36819.exe
C:\Users\AdminÁUnicorn-36819.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4844

C:\UsersÁUnicorn-37197.exe
C:\UsersÁUnicorn-37197.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\ÁUnicorn-43949.exe
C:\ÁUnicorn-43949.exe
7⤵
PID:2656

C:\ÁUnicorn-59920.exe
C:\ÁUnicorn-59920.exe
8⤵
PID:4996

C:\ÁUnicorn-5289.exe
C:\ÁUnicorn-5289.exe
9⤵
PID:5652

C:\ÁUnicorn-2633.exe
C:\ÁUnicorn-2633.exe
10⤵
PID:6012

C:\ÁUnicorn-31760.exe
C:\ÁUnicorn-31760.exe
11⤵
PID:4680

C:\ÁUnicorn-31338.exe
C:\ÁUnicorn-31338.exe
12⤵
PID:4928

C:\ÁUnicorn-57581.exe
C:\ÁUnicorn-57581.exe
13⤵
PID:5844

C:\ÁUnicorn-6822.exe
C:\ÁUnicorn-6822.exe
14⤵
PID:3876

C:\ÁUnicorn-58564.exe
C:\ÁUnicorn-58564.exe
15⤵
PID:6560

C:\ÁUnicorn-20327.exe
C:\ÁUnicorn-20327.exe
16⤵
PID:5432

C:\ÁUnicorn-35620.exe
C:\ÁUnicorn-35620.exe
17⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 648
16⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 636
14⤵
- Program crash
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 652
10⤵
- Program crash
PID:6072

C:\ÁUnicorn-1843.exe
C:\ÁUnicorn-1843.exe
8⤵
PID:5232

C:\ÁUnicorn-17901.exe
C:\ÁUnicorn-17901.exe
9⤵
PID:5520

C:\ÁUnicorn-19949.exe
C:\ÁUnicorn-19949.exe
10⤵
PID:6080

C:\ÁUnicorn-13929.exe
C:\ÁUnicorn-13929.exe
11⤵
PID:4420

C:\ÁUnicorn-18448.exe
C:\ÁUnicorn-18448.exe
12⤵
PID:4860

C:\ÁUnicorn-6982.exe
C:\ÁUnicorn-6982.exe
13⤵
PID:1404

C:\ÁUnicorn-61799.exe
C:\ÁUnicorn-61799.exe
14⤵
PID:3968

C:\ÁUnicorn-30916.exe
C:\ÁUnicorn-30916.exe
15⤵
PID:5828

C:\ÁUnicorn-57191.exe
C:\ÁUnicorn-57191.exe
16⤵
PID:4524

C:\ÁUnicorn-2947.exe
C:\ÁUnicorn-2947.exe
17⤵
PID:8272

C:\ÁUnicorn-13862.exe
C:\ÁUnicorn-13862.exe
18⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 636
15⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 668
14⤵
PID:6324

C:\ÁUnicorn-37523.exe
C:\ÁUnicorn-37523.exe
11⤵
PID:6064

C:\ÁUnicorn-1155.exe
C:\ÁUnicorn-1155.exe
12⤵
PID:5328

C:\ÁUnicorn-2435.exe
C:\ÁUnicorn-2435.exe
13⤵
PID:6488

C:\ÁUnicorn-20778.exe
C:\ÁUnicorn-20778.exe
14⤵
PID:6112

C:\ÁUnicorn-2755.exe
C:\ÁUnicorn-2755.exe
15⤵
PID:7980

C:\ÁUnicorn-22692.exe
C:\ÁUnicorn-22692.exe
16⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 656
13⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 636
12⤵
- Program crash
PID:6700

C:\UsersÁUnicorn-2166.exe
C:\UsersÁUnicorn-2166.exe
6⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 720
5⤵
- Program crash
PID:4652

C:\Users\Admin\AppDataÁUnicorn-61562.exe
C:\Users\Admin\AppDataÁUnicorn-61562.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\AdminÁUnicorn-58797.exe
C:\Users\AdminÁUnicorn-58797.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:228

C:\UsersÁUnicorn-16362.exe
C:\UsersÁUnicorn-16362.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4412

C:\ÁUnicorn-50285.exe
C:\ÁUnicorn-50285.exe
7⤵
PID:3936

C:\ÁUnicorn-8207.exe
C:\ÁUnicorn-8207.exe
8⤵
PID:5848

C:\ÁUnicorn-45930.exe
C:\ÁUnicorn-45930.exe
9⤵
PID:5912

C:\ÁUnicorn-28653.exe
C:\ÁUnicorn-28653.exe
10⤵
PID:4624

C:\ÁUnicorn-13363.exe
C:\ÁUnicorn-13363.exe
11⤵
PID:5388

C:\ÁUnicorn-35277.exe
C:\ÁUnicorn-35277.exe
12⤵
PID:612

C:\ÁUnicorn-45101.exe
C:\ÁUnicorn-45101.exe
13⤵
PID:1396

C:\ÁUnicorn-49028.exe
C:\ÁUnicorn-49028.exe
14⤵
PID:5548

C:\ÁUnicorn-53892.exe
C:\ÁUnicorn-53892.exe
15⤵
PID:6380

C:\ÁUnicorn-451.exe
C:\ÁUnicorn-451.exe
16⤵
PID:8372

C:\ÁUnicorn-26282.exe
C:\ÁUnicorn-26282.exe
17⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 660
14⤵
PID:7292

C:\ÁUnicorn-755.exe
C:\ÁUnicorn-755.exe
7⤵
PID:6064

C:\ÁUnicorn-56052.exe
C:\ÁUnicorn-56052.exe
8⤵
PID:5028

C:\ÁUnicorn-50960.exe
C:\ÁUnicorn-50960.exe
9⤵
PID:676

C:\ÁUnicorn-64074.exe
C:\ÁUnicorn-64074.exe
10⤵
PID:6120

C:\ÁUnicorn-14124.exe
C:\ÁUnicorn-14124.exe
11⤵
PID:5376

C:\ÁUnicorn-57581.exe
C:\ÁUnicorn-57581.exe
12⤵
PID:5608

C:\ÁUnicorn-16231.exe
C:\ÁUnicorn-16231.exe
13⤵
PID:2796

C:\ÁUnicorn-44615.exe
C:\ÁUnicorn-44615.exe
14⤵
PID:6592

C:\ÁUnicorn-58791.exe
C:\ÁUnicorn-58791.exe
15⤵
PID:2896

C:\ÁUnicorn-1219.exe
C:\ÁUnicorn-1219.exe
16⤵
PID:8300

C:\ÁUnicorn-64487.exe
C:\ÁUnicorn-64487.exe
17⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 628
15⤵
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 640
14⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 712
13⤵
- Program crash
PID:4160

C:\ÁUnicorn-46455.exe
C:\ÁUnicorn-46455.exe
11⤵
PID:5160

C:\ÁUnicorn-61799.exe
C:\ÁUnicorn-61799.exe
12⤵
PID:4864

C:\ÁUnicorn-36679.exe
C:\ÁUnicorn-36679.exe
13⤵
PID:6912

C:\ÁUnicorn-25511.exe
C:\ÁUnicorn-25511.exe
14⤵
PID:7872

C:\ÁUnicorn-12707.exe
C:\ÁUnicorn-12707.exe
15⤵
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 636
13⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 628
12⤵
PID:1476

C:\UsersÁUnicorn-22547.exe
C:\UsersÁUnicorn-22547.exe
6⤵
PID:4864

C:\ÁUnicorn-27766.exe
C:\ÁUnicorn-27766.exe
7⤵
PID:6008

C:\ÁUnicorn-37226.exe
C:\ÁUnicorn-37226.exe
8⤵
PID:5568

C:\ÁUnicorn-49834.exe
C:\ÁUnicorn-49834.exe
9⤵
PID:2592

C:\ÁUnicorn-35725.exe
C:\ÁUnicorn-35725.exe
10⤵
PID:3460

C:\ÁUnicorn-19626.exe
C:\ÁUnicorn-19626.exe
11⤵
PID:980

C:\ÁUnicorn-40039.exe
C:\ÁUnicorn-40039.exe
12⤵
PID:1356

C:\ÁUnicorn-13859.exe
C:\ÁUnicorn-13859.exe
13⤵
PID:5776

C:\ÁUnicorn-55428.exe
C:\ÁUnicorn-55428.exe
14⤵
PID:4672

C:\ÁUnicorn-451.exe
C:\ÁUnicorn-451.exe
15⤵
PID:8256

C:\ÁUnicorn-24830.exe
C:\ÁUnicorn-24830.exe
16⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 652
14⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 744
13⤵
PID:7284

C:\Users\AdminÁUnicorn-45012.exe
C:\Users\AdminÁUnicorn-45012.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3688

C:\UsersÁUnicorn-35210.exe
C:\UsersÁUnicorn-35210.exe
6⤵
PID:4912

C:\ÁUnicorn-18125.exe
C:\ÁUnicorn-18125.exe
7⤵
PID:5940

C:\ÁUnicorn-56973.exe
C:\ÁUnicorn-56973.exe
8⤵
PID:5924

C:\ÁUnicorn-48554.exe
C:\ÁUnicorn-48554.exe
9⤵
PID:1920

C:\ÁUnicorn-49834.exe
C:\ÁUnicorn-49834.exe
10⤵
PID:1832

C:\ÁUnicorn-63021.exe
C:\ÁUnicorn-63021.exe
11⤵
PID:1960

C:\ÁUnicorn-35277.exe
C:\ÁUnicorn-35277.exe
12⤵
PID:4464

C:\ÁUnicorn-28161.exe
C:\ÁUnicorn-28161.exe
13⤵
PID:5456

C:\ÁUnicorn-3203.exe
C:\ÁUnicorn-3203.exe
14⤵
PID:6332

C:\ÁUnicorn-21028.exe
C:\ÁUnicorn-21028.exe
15⤵
PID:6820

C:\ÁUnicorn-20100.exe
C:\ÁUnicorn-20100.exe
16⤵
PID:5648

C:\ÁUnicorn-52039.exe
C:\ÁUnicorn-52039.exe
17⤵
PID:8680

C:\ÁUnicorn-55364.exe
C:\ÁUnicorn-55364.exe
18⤵
PID:2124

C:\ÁUnicorn-31844.exe
C:\ÁUnicorn-31844.exe
19⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 664
15⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 664
15⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 640
14⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 724
11⤵
- Program crash
PID:3600

C:\ÁUnicorn-46996.exe
C:\ÁUnicorn-46996.exe
10⤵
PID:3248

C:\ÁUnicorn-19818.exe
C:\ÁUnicorn-19818.exe
11⤵
PID:5256

C:\ÁUnicorn-6982.exe
C:\ÁUnicorn-6982.exe
12⤵
PID:2280

C:\ÁUnicorn-16164.exe
C:\ÁUnicorn-16164.exe
13⤵
PID:4912

C:\ÁUnicorn-42151.exe
C:\ÁUnicorn-42151.exe
14⤵
PID:5204

C:\ÁUnicorn-63716.exe
C:\ÁUnicorn-63716.exe
15⤵
PID:6040

C:\ÁUnicorn-35044.exe
C:\ÁUnicorn-35044.exe
16⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 724
15⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 632
14⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 636
13⤵
PID:6136

C:\ÁUnicorn-1843.exe
C:\ÁUnicorn-1843.exe
7⤵
PID:3876

C:\ÁUnicorn-52109.exe
C:\ÁUnicorn-52109.exe
8⤵
PID:5336

C:\ÁUnicorn-5449.exe
C:\ÁUnicorn-5449.exe
9⤵
PID:5136

C:\ÁUnicorn-63818.exe
C:\ÁUnicorn-63818.exe
10⤵
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 640
10⤵
- Program crash
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 656
8⤵
- Program crash
PID:5268

C:\UsersÁUnicorn-38518.exe
C:\UsersÁUnicorn-38518.exe
6⤵
PID:5324

C:\ÁUnicorn-49197.exe
C:\ÁUnicorn-49197.exe
7⤵
PID:4472

C:\ÁUnicorn-19245.exe
C:\ÁUnicorn-19245.exe
8⤵
PID:2344

C:\ÁUnicorn-36368.exe
C:\ÁUnicorn-36368.exe
9⤵
PID:5328

C:\ÁUnicorn-14124.exe
C:\ÁUnicorn-14124.exe
10⤵
PID:3968

C:\ÁUnicorn-57581.exe
C:\ÁUnicorn-57581.exe
11⤵
PID:5408

C:\ÁUnicorn-25447.exe
C:\ÁUnicorn-25447.exe
12⤵
PID:5172

C:\ÁUnicorn-29674.exe
C:\ÁUnicorn-29674.exe
13⤵
PID:7152

C:\ÁUnicorn-20327.exe
C:\ÁUnicorn-20327.exe
14⤵
PID:6684

C:\ÁUnicorn-17831.exe
C:\ÁUnicorn-17831.exe
15⤵
PID:7932

C:\ÁUnicorn-24830.exe
C:\ÁUnicorn-24830.exe
16⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 608
14⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 636
13⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 636
12⤵
- Program crash
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 752
5⤵
- Program crash
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 740
4⤵
- Program crash
PID:4696

C:\Users\Admin\AppData\LocalÁUnicorn-6032.exe
C:\Users\Admin\AppData\LocalÁUnicorn-6032.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4576

C:\Users\Admin\AppDataÁUnicorn-17261.exe
C:\Users\Admin\AppDataÁUnicorn-17261.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\AdminÁUnicorn-54547.exe
C:\Users\AdminÁUnicorn-54547.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1400

C:\UsersÁUnicorn-21546.exe
C:\UsersÁUnicorn-21546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\ÁUnicorn-60970.exe
C:\ÁUnicorn-60970.exe
7⤵
PID:5052

C:\ÁUnicorn-44269.exe
C:\ÁUnicorn-44269.exe
8⤵
PID:2848

C:\ÁUnicorn-5481.exe
C:\ÁUnicorn-5481.exe
9⤵
PID:5376

C:\ÁUnicorn-46733.exe
C:\ÁUnicorn-46733.exe
10⤵
PID:1992

C:\ÁUnicorn-208.exe
C:\ÁUnicorn-208.exe
11⤵
PID:5944

C:\ÁUnicorn-47223.exe
C:\ÁUnicorn-47223.exe
12⤵
PID:3980

C:\ÁUnicorn-37412.exe
C:\ÁUnicorn-37412.exe
13⤵
PID:2936

C:\ÁUnicorn-45991.exe
C:\ÁUnicorn-45991.exe
14⤵
PID:6480

C:\ÁUnicorn-31620.exe
C:\ÁUnicorn-31620.exe
15⤵
PID:6444

C:\ÁUnicorn-50503.exe
C:\ÁUnicorn-50503.exe
16⤵
PID:8108

C:\ÁUnicorn-55364.exe
C:\ÁUnicorn-55364.exe
17⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 636
15⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 636
14⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 724
13⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 656
12⤵
- Program crash
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 632
8⤵
- Program crash
PID:5612

C:\UsersÁUnicorn-32944.exe
C:\UsersÁUnicorn-32944.exe
6⤵
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 648
6⤵
- Program crash
PID:5872

C:\Users\AdminÁUnicorn-50196.exe
C:\Users\AdminÁUnicorn-50196.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\UsersÁUnicorn-52810.exe
C:\UsersÁUnicorn-52810.exe
6⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 720
5⤵
- Program crash
PID:988

C:\Users\Admin\AppDataÁUnicorn-36819.exe
C:\Users\Admin\AppDataÁUnicorn-36819.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4992

C:\Users\AdminÁUnicorn-21546.exe
C:\Users\AdminÁUnicorn-21546.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\UsersÁUnicorn-61738.exe
C:\UsersÁUnicorn-61738.exe
6⤵
PID:2080

C:\ÁUnicorn-44077.exe
C:\ÁUnicorn-44077.exe
7⤵
PID:3872

C:\ÁUnicorn-20941.exe
C:\ÁUnicorn-20941.exe
8⤵
PID:5736

C:\ÁUnicorn-24938.exe
C:\ÁUnicorn-24938.exe
9⤵
PID:5648

C:\ÁUnicorn-51661.exe
C:\ÁUnicorn-51661.exe
10⤵
PID:2848

C:\ÁUnicorn-54135.exe
C:\ÁUnicorn-54135.exe
11⤵
PID:4704

C:\ÁUnicorn-11139.exe
C:\ÁUnicorn-11139.exe
12⤵
PID:2300

C:\ÁUnicorn-40676.exe
C:\ÁUnicorn-40676.exe
13⤵
PID:6224

C:\ÁUnicorn-55428.exe
C:\ÁUnicorn-55428.exe
14⤵
PID:1060

C:\ÁUnicorn-32708.exe
C:\ÁUnicorn-32708.exe
15⤵
PID:5516

C:\ÁUnicorn-61572.exe
C:\ÁUnicorn-61572.exe
16⤵
PID:8828

C:\ÁUnicorn-41415.exe
C:\ÁUnicorn-41415.exe
17⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 624
15⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 620
14⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 636
13⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 636
7⤵
- Program crash
PID:676

C:\Users\AdminÁUnicorn-19955.exe
C:\Users\AdminÁUnicorn-19955.exe
5⤵
PID:1416

C:\UsersÁUnicorn-9100.exe
C:\UsersÁUnicorn-9100.exe
6⤵
PID:1612

C:\ÁUnicorn-52586.exe
C:\ÁUnicorn-52586.exe
7⤵
PID:4168

C:\ÁUnicorn-140.exe
C:\ÁUnicorn-140.exe
8⤵
PID:5496

C:\ÁUnicorn-35533.exe
C:\ÁUnicorn-35533.exe
9⤵
PID:1916

C:\ÁUnicorn-19984.exe
C:\ÁUnicorn-19984.exe
10⤵
PID:4544

C:\ÁUnicorn-42029.exe
C:\ÁUnicorn-42029.exe
11⤵
PID:2656

C:\ÁUnicorn-64103.exe
C:\ÁUnicorn-64103.exe
12⤵
PID:436

C:\ÁUnicorn-55428.exe
C:\ÁUnicorn-55428.exe
13⤵
PID:5072

C:\ÁUnicorn-25511.exe
C:\ÁUnicorn-25511.exe
14⤵
PID:2780

C:\ÁUnicorn-1830.exe
C:\ÁUnicorn-1830.exe
15⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 644
13⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 668
12⤵
PID:7252

C:\ÁUnicorn-10160.exe
C:\ÁUnicorn-10160.exe
10⤵
PID:3420

C:\ÁUnicorn-44228.exe
C:\ÁUnicorn-44228.exe
11⤵
PID:2392

C:\ÁUnicorn-5376.exe
C:\ÁUnicorn-5376.exe
12⤵
PID:5468

C:\ÁUnicorn-16295.exe
C:\ÁUnicorn-16295.exe
13⤵
PID:8312

C:\ÁUnicorn-44612.exe
C:\ÁUnicorn-44612.exe
14⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 640
12⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 664
11⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 712
6⤵
- Program crash
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 720
4⤵
- Program crash
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 724
3⤵
- Program crash
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 748
2⤵
- Program crash
PID:516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5064 -ip 5064
1⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2344 -ip 2344
1⤵
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2536 -ip 2536
1⤵
PID:2892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 988 -ip 988
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2796 -ip 2796
1⤵
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4812 -ip 4812
1⤵
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3184 -ip 3184
1⤵
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3936 -ip 3936
1⤵
PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3928 -ip 3928
1⤵
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2592 -ip 2592
1⤵
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4576 -ip 4576
1⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4612 -ip 4612
1⤵
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4084 -ip 4084
1⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3396 -ip 3396
1⤵
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3780 -ip 3780
1⤵
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1196 -ip 1196
1⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3988 -ip 3988
1⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4932 -ip 4932
1⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3676 -ip 3676
1⤵
PID:828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3372 -ip 3372
1⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 2756 -ip 2756
1⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1036 -ip 1036
1⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3068 -ip 3068
1⤵
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4900 -ip 4900
1⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1648 -ip 1648
1⤵
PID:544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3916 -ip 3916
1⤵
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2328 -ip 2328
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 228 -ip 228
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2616 -ip 2616
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4592 -ip 4592
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1400 -ip 1400
1⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1752 -ip 1752
1⤵
PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1920 -ip 1920
1⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4992 -ip 4992
1⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3600 -ip 3600
1⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4844 -ip 4844
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3912 -ip 3912
1⤵
PID:1356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3140 -ip 3140
1⤵
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3292 -ip 3292
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5072 -ip 5072
1⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4256 -ip 4256
1⤵
PID:640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1912 -ip 1912
1⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1452 -ip 1452
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3956 -ip 3956
1⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 2232 -ip 2232
1⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4156 -ip 4156
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4100 -ip 4100
1⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2108 -ip 2108
1⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4424 -ip 4424
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2924 -ip 2924
1⤵
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 2000 -ip 2000
1⤵
PID:752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4412 -ip 4412
1⤵
PID:988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4648 -ip 4648
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1996 -ip 1996
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2760 -ip 2760
1⤵
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4656 -ip 4656
1⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 2904 -ip 2904
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1992 -ip 1992
1⤵
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 428 -ip 428
1⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 3996 -ip 3996
1⤵
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5016 -ip 5016
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5928 -ip 5928
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2464 -ip 2464
1⤵
PID:1204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 1704 -ip 1704
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3928 -ip 3928
1⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4440 -ip 4440
1⤵
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3936 -ip 3936
1⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2080 -ip 2080
1⤵
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5052 -ip 5052
1⤵
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4892 -ip 4892
1⤵
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2412 -ip 2412
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2588 -ip 2588
1⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4604 -ip 4604
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3704 -ip 3704
1⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 544 -ip 544
1⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5292 -ip 5292
1⤵
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4356 -ip 4356
1⤵
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5300 -ip 5300
1⤵
PID:2640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5332 -ip 5332
1⤵
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3688 -ip 3688
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 952 -ip 952
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1416 -ip 1416
1⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4084 -ip 4084
1⤵
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5040 -ip 5040
1⤵
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5360 -ip 5360
1⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 1208 -ip 1208
1⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5404 -ip 5404
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5940 -ip 5940
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2656 -ip 2656
1⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3460 -ip 3460
1⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5456 -ip 5456
1⤵
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4160 -ip 4160
1⤵
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5968 -ip 5968
1⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4864 -ip 4864
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1108 -ip 1108
1⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5492 -ip 5492
1⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5580 -ip 5580
1⤵
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3988 -ip 3988
1⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5380 -ip 5380
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6000 -ip 6000
1⤵
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3296 -ip 3296
1⤵
PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5848 -ip 5848
1⤵
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4676 -ip 4676
1⤵
PID:632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6124 -ip 6124
1⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 5540 -ip 5540
1⤵
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4912 -ip 4912
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5596 -ip 5596
1⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5548 -ip 5548
1⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4996 -ip 4996
1⤵
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5324 -ip 5324
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2848 -ip 2848
1⤵
PID:632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4572 -ip 4572
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5628 -ip 5628
1⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3676 -ip 3676
1⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5244 -ip 5244
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3872 -ip 3872
1⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 1324 -ip 1324
1⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5884 -ip 5884
1⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6064 -ip 6064
1⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5860 -ip 5860
1⤵
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5844 -ip 5844
1⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5992 -ip 5992
1⤵
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6136 -ip 6136
1⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 1928 -ip 1928
1⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6072 -ip 6072
1⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2936 -ip 2936
1⤵
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 5236 -ip 5236
1⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2304 -ip 2304
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 1612 -ip 1612
1⤵
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6008 -ip 6008
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 5920 -ip 5920
1⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5924 -ip 5924
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2396 -ip 2396
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 3208 -ip 3208
1⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5076 -ip 5076
1⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5912 -ip 5912
1⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5652 -ip 5652
1⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6116 -ip 6116
1⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4420 -ip 4420
1⤵
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5732 -ip 5732
1⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5452 -ip 5452
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 5736 -ip 5736
1⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 5232 -ip 5232
1⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5376 -ip 5376
1⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3388 -ip 3388
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 5908 -ip 5908
1⤵
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 3828 -ip 3828
1⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4472 -ip 4472
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6108 -ip 6108
1⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 1196 -ip 1196
1⤵
PID:1000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5124 -ip 5124
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 3876 -ip 3876
1⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2920 -ip 2920
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4592 -ip 4592
1⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5028 -ip 5028
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5764 -ip 5764
1⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 2788 -ip 2788
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 1996 -ip 1996
1⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 2744 -ip 2744
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5928 -ip 5928
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 2900 -ip 2900
1⤵
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 4168 -ip 4168
1⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 4648 -ip 4648
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 3908 -ip 3908
1⤵
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 1356 -ip 1356
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 4336 -ip 4336
1⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1932 -ip 1932
1⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5568 -ip 5568
1⤵
PID:612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 948 -ip 948
1⤵
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5072 -ip 5072
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 3480 -ip 3480
1⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 4880 -ip 4880
1⤵
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 5840 -ip 5840
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 2352 -ip 2352
1⤵
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6048 -ip 6048
1⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 3464 -ip 3464
1⤵
PID:1068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 3704 -ip 3704
1⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5336 -ip 5336
1⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 5304 -ip 5304
1⤵
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6012 -ip 6012
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 6132 -ip 6132
1⤵
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5520 -ip 5520
1⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 3936 -ip 3936
1⤵
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 5648 -ip 5648
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 780 -ip 780
1⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2924 -ip 2924
1⤵
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2296 -ip 2296
1⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2344 -ip 2344
1⤵
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 1920 -ip 1920
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1992 -ip 1992
1⤵
PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4624 -ip 4624
1⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 676 -ip 676
1⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 5164 -ip 5164
1⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4428 -ip 4428
1⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 2080 -ip 2080
1⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5484 -ip 5484
1⤵
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5100 -ip 5100
1⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 1832 -ip 1832
1⤵
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5496 -ip 5496
1⤵
PID:780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5368 -ip 5368
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2592 -ip 2592
1⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5372 -ip 5372
1⤵
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 4932 -ip 4932
1⤵
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 5360 -ip 5360
1⤵
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6024 -ip 6024
1⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 5128 -ip 5128
1⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4864 -ip 4864
1⤵
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 2100 -ip 2100
1⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2300 -ip 2300
1⤵
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5864 -ip 5864
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5848 -ip 5848
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4680 -ip 4680
1⤵
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 4584 -ip 4584
1⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5136 -ip 5136
1⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5328 -ip 5328
1⤵
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3676 -ip 3676
1⤵
PID:232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5180 -ip 5180
1⤵
PID:1056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5548 -ip 5548
1⤵
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5860 -ip 5860
1⤵
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5388 -ip 5388
1⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 3248 -ip 3248
1⤵
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 3932 -ip 3932
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 3460 -ip 3460
1⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4420 -ip 4420
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2160 -ip 2160
1⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5596 -ip 5596
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 3864 -ip 3864
1⤵
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 1772 -ip 1772
1⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3968 -ip 3968
1⤵
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5796 -ip 5796
1⤵
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 3304 -ip 3304
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1960 -ip 1960
1⤵
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 1192 -ip 1192
1⤵
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5636 -ip 5636
1⤵
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4820 -ip 4820
1⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 632 -ip 632
1⤵
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 4572 -ip 4572
1⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5924 -ip 5924
1⤵
PID:1044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 2848 -ip 2848
1⤵
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1208 -ip 1208
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5828 -ip 5828
1⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6092 -ip 6092
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5376 -ip 5376
1⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6080 -ip 6080
1⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5468 -ip 5468
1⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 2532 -ip 2532
1⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2932 -ip 2932
1⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4336 -ip 4336
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5320 -ip 5320
1⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4544 -ip 4544
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 612 -ip 612
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 4704 -ip 4704
1⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5364 -ip 5364
1⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5256 -ip 5256
1⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5908 -ip 5908
1⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 2236 -ip 2236
1⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5200 -ip 5200
1⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4928 -ip 4928
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 1916 -ip 1916
1⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 4612 -ip 4612
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5868 -ip 5868
1⤵
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4860 -ip 4860
1⤵
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5140 -ip 5140
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 980 -ip 980
1⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6120 -ip 6120
1⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5516 -ip 5516
1⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 2616 -ip 2616
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 4172 -ip 4172
1⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2788 -ip 2788
1⤵
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5772 -ip 5772
1⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 2480 -ip 2480
1⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 1036 -ip 1036
1⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 6128 -ip 6128
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 5220 -ip 5220
1⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 4464 -ip 4464
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 2668 -ip 2668
1⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5416 -ip 5416
1⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 5944 -ip 5944
1⤵
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 1064 -ip 1064
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 5248 -ip 5248
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 4808 -ip 4808
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2068 -ip 2068
1⤵
PID:1832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 5408 -ip 5408
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 788 -ip 788
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5720 -ip 5720
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6064 -ip 6064
1⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2704 -ip 2704
1⤵
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 2428 -ip 2428
1⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5444 -ip 5444
1⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5844 -ip 5844
1⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1932 -ip 1932
1⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5608 -ip 5608
1⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1912 -ip 1912
1⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 5552 -ip 5552
1⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3980 -ip 3980
1⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 1404 -ip 1404
1⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 2280 -ip 2280
1⤵
PID:1000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5096 -ip 5096
1⤵
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3828 -ip 3828
1⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 748 -ip 748
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5160 -ip 5160
1⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5588 -ip 5588
1⤵
PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 4320 -ip 4320
1⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5328 -ip 5328
1⤵
PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 712 -ip 712
1⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2996 -ip 2996
1⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5692 -ip 5692
1⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3420 -ip 3420
1⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 2300 -ip 2300
1⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6072 -ip 6072
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6056 -ip 6056
1⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2656 -ip 2656
1⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5456 -ip 5456
1⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 2692 -ip 2692
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4388 -ip 4388
1⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 1356 -ip 1356
1⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 1396 -ip 1396
1⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4004 -ip 4004
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5528 -ip 5528
1⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4564 -ip 4564
1⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 432 -ip 432
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 3912 -ip 3912
1⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 3096 -ip 3096
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5688 -ip 5688
1⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 1888 -ip 1888
1⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 548 -ip 548
1⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5900 -ip 5900
1⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2832 -ip 2832
1⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 2796 -ip 2796
1⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2092 -ip 2092
1⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 5172 -ip 5172
1⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 3480 -ip 3480
1⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5860 -ip 5860
1⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3676 -ip 3676
1⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5524 -ip 5524
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 780 -ip 780
1⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 5972 -ip 5972
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 2936 -ip 2936
1⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4912 -ip 4912
1⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6332 -ip 6332
1⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3384 -ip 3384
1⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 228 -ip 228
1⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 4980 -ip 4980
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 6232 -ip 6232
1⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6188 -ip 6188
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 3968 -ip 3968
1⤵
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4420 -ip 4420
1⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 3872 -ip 3872
1⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6592 -ip 6592
1⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6644 -ip 6644
1⤵
PID:9492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\TempÁUnicorn-36973.exe
Filesize
184KB

MD5
ce303079db5ca104b000784f24ea9d89

SHA1
436f4d5d4385c4b6efad33b87336d10a618e1a68

SHA256
be1489d36ce2859affc4ccc05bc41285200fc48eda85e3e8b0c17479fb7ad7df

SHA512
12c591aa73a2a04ad0112f0d24db03f870360b24192e2b8e30312b87c72ec7e54f6f5df62682c01553539fff2135ffa9b3fc0754fd318380b37a678f17c4f9b2

Download Submit
C:\Users\Admin\AppData\Local\TempÁUnicorn-52881.exe
Filesize
184KB

MD5
b79e48e349ae259b65a705231bde485a

SHA1
893edbb0f6347921503bdc00d11577512f4cebf4

SHA256
f4638fd63d07b0b5a2c76e0371ddbe3fd6e06351b37fb8ec7ba077940e700692

SHA512
16f24de389e70c5c11debd62857e6d1bb4500c5756989d813353ae6b86fe7080fd98b1f0cb5aa435fe3ae45b28c0fc9c009f093d5083ff14ed0205e384294253

Download Submit
C:\Users\Admin\AppData\LocalÁUnicorn-1008.exe
Filesize
184KB

MD5
bf3f25db392f29dc54449afe6bed8bd1

SHA1
64ef3f29611b4cdf4fb3677ff015f52d9c7e1ce8

SHA256
c600a90fe440b12e32806e860eb14dc871125f309ce18f78c271ac38747a2e3f

SHA512
be9e9a013e8841cdfad4a4fd6e277b44349e9985953859e91eeeeeaf8d69bc0fba6379f78aeb4b9ec009da732a92493ffbd9e5877c84f8cfb36f965238978688

Download Submit
C:\Users\Admin\AppData\LocalÁUnicorn-20874.exe
Filesize
184KB

MD5
7c5e9147b03b7e0a1421c0235b2176f1

SHA1
d32171eaa966b838d01236780f0ce069c10d0091

SHA256
9c4f889feeb1ca2ab30f1fd69d591239e824e7c8c67c139518e503aa73e97169

SHA512
05324022c229f79429e7902fded7e2201b74647eceb29341f52d24f114531abf015553521605579c081a500bf01105c9da2f382c3e6631b2d4fde84db66ab2d8

Download Submit
C:\Users\Admin\AppData\LocalÁUnicorn-55149.exe
Filesize
184KB

MD5
b411f3c7b64dad8589174c8d6699839f

SHA1
629229421c82d3ebbe5f3553e8e2ccb8b68f01a1

SHA256
9e367f2dd27b314bc7f0cd6506eb5cde248f07c088bf4d35d873d860727426c2

SHA512
0fca782f13b0b65f001c01ce152360252425d127701aaf41e3064c71b46dfbc6d5aaf4c76451692047b1efe2bea9b41012c783b4702808b87782bf7fb06f82e5

Download Submit
C:\Users\Admin\AppData\LocalÁUnicorn-6032.exe
Filesize
184KB

MD5
0d5cd52a7e243ded226fe31a8a0caeb7

SHA1
0e159ae1358c77b295fd6a40d4cecc26908e73c7

SHA256
a7153340dcacdd40f086bbad912b421fe4874ae02e71860242e7f192e6fd5c53

SHA512
dfcc93ed9f8ee450364744151f71333279ad3ec83f8665e9b896f5ad5f13c5c5b54b6b54ecf15e69a443484aef46d228acfaa835bae97bbe1cbb9b8fff3380a5

Download Submit
C:\Users\Admin\AppDataÁUnicorn-17261.exe
Filesize
184KB

MD5
459f098d51262abc36a47eacabb4fbc7

SHA1
b859fb290bae86efe6af13a18c435b582ae5ea42

SHA256
c9c076c2f8dd3f0361042aa3513c53adf5c8401009d009b00b89f4f21757552d

SHA512
f8cbe1b5a0d4903bb9ca0ded96f5f49929bccaca27f66051e75dd5569841078703a14640e81a51a80c44c5aae62378533e4611fd1a234325879bcc11b2e157af

Download Submit
C:\Users\Admin\AppDataÁUnicorn-30643.exe
Filesize
184KB

MD5
a9533e5d7aa53891a71d3d96b5cd1cb4

SHA1
41bc74bd1ffaecafb5ddb24685de14f2669ec0cc

SHA256
8f9f3efa645045a078417aeaadbc33ebb6e85bf61828c82675b036a0ee64b5b0

SHA512
3575317c14bea434b37fd6f4d754b72fc5aead0b2e7adb86b59eb93530d7b78703e50c86ca20bbe87d2d000425a4040df8afe04c4a615856e906f5aaa1b705df

Download Submit
C:\Users\Admin\AppDataÁUnicorn-35757.exe
Filesize
184KB

MD5
2c55d85bb24ebadc5e7076cf3a3275a6

SHA1
be35a727e222205afa531e8a53c9ac2dfaaae27f

SHA256
ce9b65f729b32916d3c474d2204b2bb88c0d1c2ba50c37e5b97231397759cf34

SHA512
f656d71a4512a7bf89521f0ba2fe86c6dccad21d601239c8b463b0d7b2b1a461d695b1afabf64cb41327f803b31d78b8ec05677a78fe09eb75448a42abc6dae0

Download Submit
C:\Users\Admin\AppDataÁUnicorn-36819.exe
Filesize
184KB

MD5
13cf8f9eafc2f4a039b80b732c6854a4

SHA1
280f69414c1418779f988477610a213d1be942f0

SHA256
c06be5b779026c3498e442bfa530e6ac35dee6f36907c36f187ef3daa5e0af1c

SHA512
e7c32fb5302ad405e3742ec3e4bcd713ec4ea5a1733b15a036305382609059028232c44f7b50daf13c54417642b954f6d30c6e1e3658ecd66484f1221f398631

Download Submit
C:\Users\Admin\AppDataÁUnicorn-53012.exe
Filesize
184KB

MD5
195e937c48a2cf9f05df58625b524052

SHA1
d39db25ea010de0db35233afe22fa5ceecb86ac8

SHA256
958aa935435b3dd76a8b36d56d46617227d0ede589b61196e430c43552b3d3da

SHA512
0c81e5cf33e1446171689c11895d2040cdf9ce1facc45e252daea6f178d3f37f617d7e253479c2879d6ce4fb6202f97c70e4da8ff3c02d88572e29c215a0e350

Download Submit
C:\Users\Admin\AppDataÁUnicorn-61562.exe
Filesize
184KB

MD5
0f3337e796a5956a341f7519ef1eae33

SHA1
9b6c8ad595caef3d3689fb19fbabf04e1f1b9bd1

SHA256
bd33cd6e4a4b36ea135e653227b8dbd06f86e31d44c1c78a8be016dd1d07e6d5

SHA512
b754a3c5d30d79f0cbe5ce6f7180fe181f9f4118595544bed68ef69c08e66eb7977d4046f5dddbe7edab04a9408b1eef4337ef59f184ce8cf31be104a044c1c5

Download Submit
C:\Users\Admin\AppDataÁUnicorn-6162.exe
Filesize
184KB

MD5
1be6acf802a2b771b3992734b2031677

SHA1
d865d4793eafc9f1bc2a20eadb3d2e605738634f

SHA256
461d73a46cfdc26d65afc7a0a4da2f74fab3b9bf62596b001b6421550e3f23b3

SHA512
ce42a2b2581386903594ae610aa8488a9f567ad82d7eeb0b4076e301f65488c931c09c62a0f4a6d4fb8a1b75e443407607ff7f04cac85d7d51955117d71a863f

Download Submit
C:\Users\Admin\AppDataÁUnicorn-8108.exe
Filesize
184KB

MD5
04cfc6bb93d282c0db6b7f5cdf28d080

SHA1
fd7e3fe28addb7ced596f0d86fa7920307557b4f

SHA256
052f19e01f2a6cbc6a780ef6f22fbce4cf8769cae57887eba89143ef75ae6681

SHA512
bdc23b5ffc3e4fff9a969c3d8bf5e5ef920db297b8cc60a98ae3ec46eb4286b2622ed269d8d573d4e9f1fe59e197dbe99c00232fe0dfd2384adb094534ae8901

Download Submit
C:\Users\AdminÁUnicorn-11049.exe
Filesize
184KB

MD5
11afcb0a2074e813388edf0c6bdd6ef7

SHA1
892c907e947f0e90a677c785eb960ae7afbe30c0

SHA256
e2699591eb878a0d2173838f2b32303107a3c51b6a5f58e59b1457400b31fb31

SHA512
acd3654a24e695faac5d2f481bf3a53a9ed9fa37d07be311fa5a850027c47d7d04644dd171683af09629dc3976579b8d9b986fdb3db8581e1474631aa5561e2b

Download Submit
C:\Users\AdminÁUnicorn-23571.exe
Filesize
184KB

MD5
4a1907018d2a01b634a75e665544622e

SHA1
aba0c7bce0a841b8a90c4625e97daf7b72cc30ab

SHA256
bfb99005ebed2d89d4d8fcc2080e32ad9fb2c752d0cec4b9cb33cffdba335771

SHA512
d0d775fb6c6dfefbc04778f636aa8783a402c1481c8db8f934fc3a3beaaef1a02152735bcbad75dd08a6db04ed9b2355403ad798c84825a04a97313dccc06bfb

Download Submit
C:\Users\AdminÁUnicorn-24554.exe
Filesize
184KB

MD5
cf58ddae2a2e7f2b0a65bcacdc7c3c60

SHA1
3168b697b89f163a125446846e3e615c3edc4672

SHA256
353f16c2cd5fe61431e0295a253631052c8bf78bcb31962a5af5c1a6c3bf1ff4

SHA512
7cb40c018e88411a46c12076d8aa7d3972510027925d4cf63f599aff5a2bcb67467c02e0640283f4b4e38389686406bc334e9a4ef873525bf280a6d88681c53e

Download Submit
C:\Users\AdminÁUnicorn-30768.exe
Filesize
184KB

MD5
e8bb190318cb3f7ae12ef8c0734018f6

SHA1
1d72cc33e4d262a2ccf5e1bd942839784f826ddb

SHA256
4cfe7f65e6aed6fed45a6d98e6cb6066baffd1f2bd0baedec5634d5d0a6d2abe

SHA512
001ba8bcfd3df58c4be24a13d31d38a6f23edd5d80dbfa42c4278420ed7b230fb3bb73d36ca74990d68212b351f2ae07fc0aee1b7331aeabd9b73b59be513e60

Download Submit
C:\Users\AdminÁUnicorn-34282.exe
Filesize
184KB

MD5
05358ef041c058078c3ff588d668bbd1

SHA1
c4401145cf38a44ee4c0dd32814880703c50b0bc

SHA256
99eb7df77c49cb55b7af6b7395c95f6b1ef770461273a4bd71523e553a0f0816

SHA512
32d682080844599e85890f0bb19a842143cb54188c29e9bdabc4356e7e6d429dc7ce57e8f9027f11a6ff8760c4b9f04f57c52533459e8b5329cc9932ff1acb12

Download Submit
C:\Users\AdminÁUnicorn-35050.exe
Filesize
184KB

MD5
f49762cbbc422dd3aaadd474695b3fbd

SHA1
c8dbba73a4d752be405f8ef82f8a451a58cdafd4

SHA256
8ba5fa5101b4b32701866f93c63cd678be97487e28f3672d9bdf9b77bed7e051

SHA512
4b2a9e5d16afe763d74f8b682b07c098ce9c227abe292fb293baf0feb604c086f9a066f588d6ed82f7ee5713c94fb9ff9343201debf3a9744c277765fec8e038

Download Submit
C:\Users\AdminÁUnicorn-36819.exe
Filesize
184KB

MD5
85e1b83d2200de82921f1935475501bf

SHA1
88c041217f1b11425c5e35195b8107473daa426e

SHA256
241f7f7e7ada2aad8218bdb283de89f8e253182fc8dc165ece7c2cb84856f1cf

SHA512
b321a35d29c622d068d6f6dd027b70756518b8f3f53a0f87d43f3baa2409e37877e6ff9f744daae4b5789920bf875df5c35595154512abf6db392479c2940b94

Download Submit
C:\Users\AdminÁUnicorn-53841.exe
Filesize
184KB

MD5
6f6a40f872e1b5d504c92e9974144a77

SHA1
a853859b4a79c00564f372621da8fe296826ab49

SHA256
80bd60badf72add28e4b8a290c5c80d3cf4e804c6c941ae79a9b6c7b85ab5ab8

SHA512
68e45db783b3842593e23a47f102ca914fed9c8b1b02557213b7e0f92db7590eaa05e279ebd8d7fc791daeacad30b3bdc40dcb437b9ace53b9532ce7926bdfb3

Download Submit
C:\Users\AdminÁUnicorn-54547.exe
Filesize
184KB

MD5
84fa5ee9148c340638a53420de5f190e

SHA1
17ef70721a05395f18fc1ec8134ddb57df58e07f

SHA256
95c9d058c3c1f96b341a1bd732f17a72d9ce00948917460fb6ddb458d066610d

SHA512
584623bf9c9790fb8f8ca9b76ba9a721129e3960b8692313cc05eda516387c692cb40922922a9f06b46286ff8d88aa591df08466ffd250d2e3386b0642aa6081

Download Submit
C:\Users\AdminÁUnicorn-5843.exe
Filesize
184KB

MD5
e453ece21c0b6b110af42328d020bfba

SHA1
0cf61386cfc4439f0c4893fb7395b41daad92310

SHA256
3c43525fef515ce3235d71a40c48fe1b978f88da35375b8731206877f7d37dfb

SHA512
707f162a46ed3b76914d959a9651b7c4ce5344c25688e5e04028b43a27030b1a16ea925a1bd5826293bbf36626824627fd3dd400e8029d99e4c36e2a9216b7ba

Download Submit
C:\Users\AdminÁUnicorn-58797.exe
Filesize
184KB

MD5
a5b3ceb68f1908511fc7d001184282eb

SHA1
25b89286fb7b45d7be22ad1d058729591a2bccc2

SHA256
6030993661da70e86a2c7bfecd4df7732579d6f0a087f04699a8a7070bce286b

SHA512
a91f9b89c9fdcff68c0f822cd17ede388090dbf13826506647330b990ad410a6d455252067c2136514ac0ed12c4b3598dd865cccfbab8c92b4801f69c3103c8e

Download Submit
C:\UsersÁUnicorn-10281.exe
Filesize
184KB

MD5
96996be10585a751512c300b976fcad3

SHA1
20a42ff269bf16002c520f5ffbae4aa54e13bee3

SHA256
5ad47784e2f2751d72634a13935bca22ce3157fcff4b92be4a5d59f8727f35b2

SHA512
f062813cca8e1479340559e86c4c14368a479af6b442ad10060b3053c65c1ab68ac8a3e93b4238118680970ab3f2e11ab31f0164b8108eb587d55f84506b672d

Download Submit
C:\UsersÁUnicorn-11049.exe
Filesize
184KB

MD5
b9502af41cbe36fbcb667adce4b0261c

SHA1
8ed3a9d080df737cc58c2cd3877d8413e4be9d9d

SHA256
089e64819f7b0bb9f424122dd7d5c21df06998173530418ddecd0bbe9cd388c0

SHA512
6f40b27363a2a12f7d6f8aef45310d92ad7a8dd7b67156f6335d869768e00c142d5a7465f471f4b0feb02aba62e66a82071cfd3fe4514f826d045efd1161afcc

Download Submit
C:\UsersÁUnicorn-20266.exe
Filesize
184KB

MD5
10541cf209c33bcf057b7c7a28c53fc2

SHA1
924e42df3308c0985ce2938d772281932f359fbd

SHA256
e0d62b02eef692ed0125d0429e2c2b71292eeea58b09da824a0929d26d8ddc91

SHA512
9be89648fbcae98adc7896de5c12b965aac68e59e07d67f83835e5bef04c223f6db13471964d775ea8ce3f2e61617ef17a126dabf4330c788113cbe53b271689

Download Submit
C:\UsersÁUnicorn-58797.exe
Filesize
184KB

MD5
4510eae9a0f5f9eca3c79f16caf2db78

SHA1
0f7bf92b6304e21bc6a63cf58e593ca3adb3ff49

SHA256
7ae93a32bc5acbc53678f7c895d4d358df093c621cb742b6e720f4b87ee8c3e9

SHA512
6213424afea8b046e358ab817fa9bc8c43c26620af48359df92173dd5374e4a17c4f6f2daa645ea27eda51b11942f543e40fd2a487a4c7b229f7a082d3a4d712

Download Submit
C:\UsersÁUnicorn-64593.exe
Filesize
184KB

MD5
784967acba9dbcc57c26d64683aac999

SHA1
93b9c9ace5c63d00f65aa444eda42d096e9f413a

SHA256
4dd5cdfc0539db3f9b5b52e8646ed4a2cb35d488b44e791c257eaa3d3d2b79d8

SHA512
a79c82026494bff67db37d9ac642f0b7eb07a868eb75f5e93b33167ea5a212863a6ee7ac3a76ee5b786305e1200fcb8c9bdfc2ddbbad92d6b7feed9938482bf4

Download Submit
C:\UsersÁUnicorn-9865.exe
Filesize
184KB

MD5
a0895719c93d7fd3db6a11475e465dd1

SHA1
466b487d22d43d3d6133e0cf288b9a170a93260f

SHA256
ac854276d5cc377b2a026609e471ca76fb69705fb61712db40151fb9e6499e57

SHA512
596ab25bcd3fef52f135465e09e9f0a1d7aeefed39b0d734b72d252eb93853d99959ecb5a39c9364f0094fd5a16009c9a36606d977c1fbf486e402a91fd97c24

Download Submit
C:\ÁUnicorn-16993.exe
Filesize
184KB

MD5
3e6f56ccede4e73c3242c0a338b246db

SHA1
ca1fdeec174ffeecafe8176b84d4afd3c80c897c

SHA256
851a802e1dd3b5daa0130b7a443bb6ebab47ddde7a1b2891ae4b7be66ad10896

SHA512
59f6864b4080dfd76f860de2414683b3ad27ea4a128c93a77b16d24ab67a93540481f44e4ff696c5bbac97615ea8d6fb8c8b9e6c87720176c3607330dff08777

Download Submit
C:\ÁUnicorn-17709.exe
Filesize
184KB

MD5
49b4edcd77d80adcc57758ee1d9a5a0c

SHA1
08592bf8fa9b65d511c04ef78b999b1d320a72b1

SHA256
d1f26c8f184bb48a5c95fa3b185328f514e7e7f8208090bc39b6b4b22f131075

SHA512
5984857218bfb4c88dc83df22deaac14fc0e0abfa2f2e096d33a387e68ad76e2bee7ebfb8e3c03781d920b2d1284339fee2e8b13b1373f9b07c368894e41c353

Download Submit
C:\ÁUnicorn-20327.exe
Filesize
184KB

MD5
027f4d6abc8b1047641246ad31c2601b

SHA1
63d7bc34bb64cb404990425744e4b2b7cff2ab90

SHA256
ea41ec31b76ad8e7469a5bb508fadbb78bafc6b11fa2e0a4992479d88f86158a

SHA512
93821edcccc1675e6f7f5dea0fb24ea78ec7873970f0179071d4f318de0840da8be14a6e7751b01f1cd5e9801f204d2d57d0d71c350649d0e2825517218db762

Download Submit
C:\ÁUnicorn-22032.exe
Filesize
184KB

MD5
17acafcde2b647f408d0b0b375aabd5c

SHA1
f955a51d37ad4bec519154ae742c6b04d9e5da22

SHA256
8cbd16956aa8c51dfef43c89ab33130ad1fc5d4e6f8a260bc7689a9cf01c1a96

SHA512
28daab8f72858375840165e67a8e328a924c965e0f65078a57b7221b5fced5defe2687b9b3714a0db6c332ce2e7039c6b66613dbf8ca4fb5a6c9afb6be668237

Download Submit
C:\ÁUnicorn-27649.exe
Filesize
184KB

MD5
0f002edb8532bc760018dc41e992f361

SHA1
410114e1718c62d693d6f388a30db568fad3148e

SHA256
8e107f55dad9bd9b5f58629b3c8997ac001bd8cca3a0f162b9599cfa7780d0ca

SHA512
a776f5323ec6f54c6395e5dfaecb63a59ba1b99f4a8541ac1711dc67c5ad8c1665c02b2d1b6d656bf6c1dfbcf4b5e1c1dfed9f0d0c6da137e6c16edbe6a788d9

Download Submit
C:\ÁUnicorn-38506.exe
Filesize
184KB

MD5
dbaa9ef51e95532a5ce53802f777dcd9

SHA1
b047f45340646b3726eabb6cf443ba8ebd0d5b34

SHA256
5c8aa2f0c20c617b5713258671a91a400f256945672b0a799897b47f7078b373

SHA512
5df659ef3d94d150b7d216a398767eab4836f0c5dfbe5853986b12bfa5c80fc61a80819b84f14f06f2f35adf06a0918808ed01a7237eb7139673d7f309b787fa

Download Submit
C:\ÁUnicorn-44714.exe
Filesize
184KB

MD5
0ba8e07b21d605989cf4357deca6223a

SHA1
0f85b1e812efd0778a7a17771e3e34cee6117a59

SHA256
47593278084a88c2314290d0fa0b80e1e93f33035cb67f501913b3135b998895

SHA512
c84274ced2a22394d11044816d4c9bb6bd721ba65ab349f995449a44927da5f1a18fb375bbc1776874eac0e9e735df7c63ff2fdefc4143e3fe72e2e0f69157c3

Download Submit
C:\ÁUnicorn-47245.exe
Filesize
184KB

MD5
7e30028bc4e5194dafda706723db643e

SHA1
8ae8e87b738aab780ca4d339507031b8a43227e1

SHA256
eeedb7279ce956f18626faa44195fc538ec3c2278ec632b5ee61f38eec6dc830

SHA512
74b74032e786345caf9c122bba73f834991d0774fe07b4dee1b7d0859ecda2faddb1d96d44e83181b4d89a3b0f16bb8e57873598e81c273d7e87726f9d74d0c0

Download Submit
C:\ÁUnicorn-5510.exe
Filesize
184KB

MD5
4bb8d7174b565993950a6b61ecb715ae

SHA1
4a3f862a23d89a9139f117809ab82994e18ebc8d

SHA256
dc28ed26b01ebabe559e4f9a3e5edc83b7b584115f2267d0bf82cbbff424b165

SHA512
7c2aab836dad3df9058679958a6e999a0af63801b0c7ae130dfe2dd1be59b518ea629123686eb23b751a47345abbd1f44c6550a4732f5be31148bcc423db9cf1

Download Submit
C:\ÁUnicorn-58321.exe
Filesize
184KB

MD5
ff86af82820745f2aa12084204e7a8f7

SHA1
badabbdfccbac8d7568e1faeceeafaa3dfec89e4

SHA256
6205ed6c63cfe353ec8346aa577175445aa9137c618a0cd5b06640eece6555e6

SHA512
592a99469b2a15e5af484d433563d20705886440b095ac796cdb42a429f7a8d3cd82981829a3feaed98c552306e588e62e2b98b60cb274ba25b0e90c59f708d6

Download Submit
C:\ÁUnicorn-61459.exe
Filesize
184KB

MD5
ad0f93ab40ed3dddecb4b4e2cb2d0aae

SHA1
8360e3055c4e2a57df586eca238212adb8205af3

SHA256
c72bcc06a8aac9241f3d186b7ddeaadee4aa0af728a3e9b6116d593c0cfdcc38

SHA512
7a615c593669cd6ef577e42293593ef4d497c337e5d49f0d86d0fed4d5c4e9be525379459938cfed01169d0cef20f58dd5a2a8dc581cb2cc727301e9044bcda3

Download Submit