Analysis
-
max time kernel
118s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
09/11/2024, 21:05
Static task
static1
Behavioral task
behavioral1
Sample
66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe
Resource
win10v2004-20241007-en
General
-
Target
66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe
-
Size
468KB
-
MD5
cf8b61446ed908d049cc666985b58310
-
SHA1
b070ed9324c7bf053e9afbe7bec0e42ec56f4185
-
SHA256
66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713
-
SHA512
547508195140756c3910e978fc834b70890f16b29ff7e3021e2abdb20b4bf6171904312d4abc0da60f76a3021e31444c948f8fc2cf9aeb3a2fa495bf42094afd
-
SSDEEP
3072:4belouxaIU57tbYZPznfmbfD/p2DnrIHzQmyeQVDjf4u0DibtxClt:4b4oEc7tCPjfmbfOa5Ef4Pubtx
Malware Config
Signatures
-
Executes dropped EXE 55 IoCs
pid Process 1756 Unicorn-19670.exe 3752 Unicorn-53494.exe 3696 Unicorn-6986.exe 3324 Unicorn-14189.exe 2140 Unicorn-1937.exe 4340 Unicorn-47609.exe 4404 Unicorn-29540.exe 1116 Unicorn-51283.exe 724 Unicorn-48590.exe 1480 Unicorn-28170.exe 4856 Unicorn-65481.exe 2280 Unicorn-4397.exe 4676 Unicorn-37816.exe 4288 Unicorn-25586.exe 4952 Unicorn-52228.exe 1204 Unicorn-4973.exe 3528 Unicorn-50645.exe 5080 Unicorn-4973.exe 1684 Unicorn-26140.exe 4204 Unicorn-31206.exe 3124 Unicorn-64625.exe 224 Unicorn-18954.exe 228 Unicorn-39182.exe 4844 Unicorn-26930.exe 3092 Unicorn-7064.exe 748 Unicorn-31568.exe 3044 Unicorn-51434.exe 2708 Unicorn-32720.exe 5072 Unicorn-28636.exe 2684 Unicorn-28636.exe 2952 Unicorn-60754.exe 5112 Unicorn-8792.exe 2100 Unicorn-34688.exe 4356 Unicorn-53162.exe 648 Unicorn-31158.exe 2140 Unicorn-20874.exe 4940 Unicorn-20874.exe 1584 Unicorn-29042.exe 1040 Unicorn-55684.exe 2620 Unicorn-35072.exe 3904 Unicorn-50017.exe 456 Unicorn-19290.exe 3604 Unicorn-64407.exe 3840 Unicorn-28056.exe 2468 Unicorn-38170.exe 3732 Unicorn-34086.exe 4992 Unicorn-21834.exe 2692 Unicorn-20250.exe 4508 Unicorn-34470.exe 2912 Unicorn-28440.exe 4512 Unicorn-7827.exe 5032 Unicorn-44776.exe 2696 Unicorn-21366.exe 2944 Unicorn-21366.exe 2844 Unicorn-43732.exe -
Program crash 50 IoCs
pid pid_target Process procid_target 4424 4328 WerFault.exe 82 3224 4328 WerFault.exe 82 616 1756 WerFault.exe 91 2620 1756 WerFault.exe 91 4268 3752 WerFault.exe 93 1256 3696 WerFault.exe 94 5008 3752 WerFault.exe 93 4280 3696 WerFault.exe 94 4196 3324 WerFault.exe 102 2952 2140 WerFault.exe 104 2916 4340 WerFault.exe 103 5112 3324 WerFault.exe 102 4148 2140 WerFault.exe 104 2992 4340 WerFault.exe 103 4268 4404 WerFault.exe 109 4408 1116 WerFault.exe 110 2576 724 WerFault.exe 111 3872 1480 WerFault.exe 112 3588 4404 WerFault.exe 109 2040 1480 WerFault.exe 112 1268 1116 WerFault.exe 110 3532 724 WerFault.exe 111 1644 2280 WerFault.exe 122 1692 1684 WerFault.exe 129 4768 4288 WerFault.exe 124 3752 1204 WerFault.exe 127 3588 4952 WerFault.exe 125 220 5080 WerFault.exe 126 3912 3528 WerFault.exe 128 3676 4288 WerFault.exe 124 4856 4204 WerFault.exe 142 3988 228 WerFault.exe 145 3676 224 WerFault.exe 144 3744 748 WerFault.exe 148 4916 3124 WerFault.exe 143 2492 3044 WerFault.exe 149 5828 5072 WerFault.exe 169 4984 2952 WerFault.exe 171 2232 1040 WerFault.exe 179 5604 3604 WerFault.exe 183 5848 2680 WerFault.exe 228 5556 4372 WerFault.exe 223 4108 6084 WerFault.exe 313 6376 1112 WerFault.exe 267 6008 3528 WerFault.exe 273 5540 2872 WerFault.exe 336 6112 4356 WerFault.exe 422 3956 6188 WerFault.exe 457 4800 6260 WerFault.exe 465 7364 4724 WerFault.exe 438 -
System Location Discovery: System Language Discovery 1 TTPs 56 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-53494.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-53162.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-14189.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-26930.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-34688.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-44776.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-29540.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-4973.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-60754.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-20874.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-48590.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-4973.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-55684.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-34086.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-21366.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-19670.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-4397.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-51434.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-28636.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-29042.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-21834.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-39182.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-8792.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-20874.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-19290.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-64407.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-64625.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-43732.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-50645.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-26140.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-28636.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-28440.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-7827.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-6986.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-31206.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-1937.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-37816.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-32720.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-31158.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-20250.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-18954.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-7064.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-31568.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-50017.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-47609.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-28170.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-25586.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-52228.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-34470.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-21366.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-51283.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-65481.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-35072.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-38170.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Unicorn-28056.exe -
Suspicious use of SetWindowsHookEx 53 IoCs
pid Process 4328 66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe 1756 Unicorn-19670.exe 3752 Unicorn-53494.exe 3696 Unicorn-6986.exe 3324 Unicorn-14189.exe 2140 Unicorn-1937.exe 4340 Unicorn-47609.exe 4404 Unicorn-29540.exe 1116 Unicorn-51283.exe 724 Unicorn-48590.exe 1480 Unicorn-28170.exe 4856 Unicorn-65481.exe 2280 Unicorn-4397.exe 4676 Unicorn-37816.exe 4288 Unicorn-25586.exe 4952 Unicorn-52228.exe 1204 Unicorn-4973.exe 1684 Unicorn-26140.exe 5080 Unicorn-4973.exe 3528 Unicorn-50645.exe 4204 Unicorn-31206.exe 3124 Unicorn-64625.exe 224 Unicorn-18954.exe 228 Unicorn-39182.exe 748 Unicorn-31568.exe 4844 Unicorn-26930.exe 3092 Unicorn-7064.exe 3044 Unicorn-51434.exe 5072 Unicorn-28636.exe 2708 Unicorn-32720.exe 2684 Unicorn-28636.exe 2952 Unicorn-60754.exe 2100 Unicorn-34688.exe 4356 Unicorn-53162.exe 5112 Unicorn-8792.exe 648 Unicorn-31158.exe 2140 Unicorn-20874.exe 1040 Unicorn-55684.exe 4940 Unicorn-20874.exe 1584 Unicorn-29042.exe 2620 Unicorn-35072.exe 3904 Unicorn-50017.exe 456 Unicorn-19290.exe 3604 Unicorn-64407.exe 2468 Unicorn-38170.exe 3840 Unicorn-28056.exe 3732 Unicorn-34086.exe 4992 Unicorn-21834.exe 2692 Unicorn-20250.exe 4508 Unicorn-34470.exe 2912 Unicorn-28440.exe 4512 Unicorn-7827.exe 5032 Unicorn-44776.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4328 wrote to memory of 1756 4328 66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe 91 PID 4328 wrote to memory of 1756 4328 66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe 91 PID 4328 wrote to memory of 1756 4328 66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe 91 PID 1756 wrote to memory of 3752 1756 Unicorn-19670.exe 93 PID 1756 wrote to memory of 3752 1756 Unicorn-19670.exe 93 PID 1756 wrote to memory of 3752 1756 Unicorn-19670.exe 93 PID 4328 wrote to memory of 3696 4328 66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe 94 PID 4328 wrote to memory of 3696 4328 66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe 94 PID 4328 wrote to memory of 3696 4328 66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe 94 PID 3752 wrote to memory of 3324 3752 Unicorn-53494.exe 102 PID 3752 wrote to memory of 3324 3752 Unicorn-53494.exe 102 PID 3752 wrote to memory of 3324 3752 Unicorn-53494.exe 102 PID 3696 wrote to memory of 2140 3696 Unicorn-6986.exe 104 PID 3696 wrote to memory of 2140 3696 Unicorn-6986.exe 104 PID 3696 wrote to memory of 2140 3696 Unicorn-6986.exe 104 PID 1756 wrote to memory of 4340 1756 Unicorn-19670.exe 103 PID 1756 wrote to memory of 4340 1756 Unicorn-19670.exe 103 PID 1756 wrote to memory of 4340 1756 Unicorn-19670.exe 103 PID 3324 wrote to memory of 4404 3324 Unicorn-14189.exe 109 PID 3324 wrote to memory of 4404 3324 Unicorn-14189.exe 109 PID 3324 wrote to memory of 4404 3324 Unicorn-14189.exe 109 PID 3752 wrote to memory of 1116 3752 Unicorn-53494.exe 110 PID 3752 wrote to memory of 1116 3752 Unicorn-53494.exe 110 PID 3752 wrote to memory of 1116 3752 Unicorn-53494.exe 110 PID 2140 wrote to memory of 724 2140 Unicorn-1937.exe 111 PID 2140 wrote to memory of 724 2140 Unicorn-1937.exe 111 PID 2140 wrote to memory of 724 2140 Unicorn-1937.exe 111 PID 4340 wrote to memory of 1480 4340 Unicorn-47609.exe 112 PID 4340 wrote to memory of 1480 4340 Unicorn-47609.exe 112 PID 4340 wrote to memory of 1480 4340 Unicorn-47609.exe 112 PID 3696 wrote to memory of 4856 3696 Unicorn-6986.exe 113 PID 3696 wrote to memory of 4856 3696 Unicorn-6986.exe 113 PID 3696 wrote to memory of 4856 3696 Unicorn-6986.exe 113 PID 4404 wrote to memory of 2280 4404 Unicorn-29540.exe 122 PID 4404 wrote to memory of 2280 4404 Unicorn-29540.exe 122 PID 4404 wrote to memory of 2280 4404 Unicorn-29540.exe 122 PID 3324 wrote to memory of 4676 3324 Unicorn-14189.exe 123 PID 3324 wrote to memory of 4676 3324 Unicorn-14189.exe 123 PID 3324 wrote to memory of 4676 3324 Unicorn-14189.exe 123 PID 1116 wrote to memory of 4288 1116 Unicorn-51283.exe 124 PID 1116 wrote to memory of 4288 1116 Unicorn-51283.exe 124 PID 1116 wrote to memory of 4288 1116 Unicorn-51283.exe 124 PID 724 wrote to memory of 4952 724 Unicorn-48590.exe 125 PID 724 wrote to memory of 4952 724 Unicorn-48590.exe 125 PID 724 wrote to memory of 4952 724 Unicorn-48590.exe 125 PID 4856 wrote to memory of 1204 4856 Unicorn-65481.exe 127 PID 4856 wrote to memory of 1204 4856 Unicorn-65481.exe 127 PID 4856 wrote to memory of 1204 4856 Unicorn-65481.exe 127 PID 2140 wrote to memory of 3528 2140 Unicorn-1937.exe 128 PID 2140 wrote to memory of 3528 2140 Unicorn-1937.exe 128 PID 2140 wrote to memory of 3528 2140 Unicorn-1937.exe 128 PID 1480 wrote to memory of 5080 1480 Unicorn-28170.exe 126 PID 1480 wrote to memory of 5080 1480 Unicorn-28170.exe 126 PID 1480 wrote to memory of 5080 1480 Unicorn-28170.exe 126 PID 4340 wrote to memory of 1684 4340 Unicorn-47609.exe 129 PID 4340 wrote to memory of 1684 4340 Unicorn-47609.exe 129 PID 4340 wrote to memory of 1684 4340 Unicorn-47609.exe 129 PID 2280 wrote to memory of 4204 2280 Unicorn-4397.exe 142 PID 2280 wrote to memory of 4204 2280 Unicorn-4397.exe 142 PID 2280 wrote to memory of 4204 2280 Unicorn-4397.exe 142 PID 4404 wrote to memory of 3124 4404 Unicorn-29540.exe 143 PID 4404 wrote to memory of 3124 4404 Unicorn-29540.exe 143 PID 4404 wrote to memory of 3124 4404 Unicorn-29540.exe 143 PID 4676 wrote to memory of 224 4676 Unicorn-37816.exe 144
Processes
-
C:\Users\Admin\AppData\Local\Temp\66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe"C:\Users\Admin\AppData\Local\Temp\66a619bd42662a3b0d438f73a21c596739d5c4d464617d9d4d033d76e510f713N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4328 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3752 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3324 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4404 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-31206.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31206.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4204 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60754.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2952 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4992 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe10⤵PID:3992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe11⤵PID:5400
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe12⤵PID:6036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe13⤵PID:4412
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exe14⤵PID:2008
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe10⤵PID:5568
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe11⤵PID:2104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe12⤵PID:6236
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34974.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34974.exe13⤵PID:7024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe14⤵PID:7132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe15⤵PID:4520
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe16⤵PID:6660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe17⤵PID:7764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe18⤵PID:7204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2247.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2247.exe19⤵PID:7392
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe20⤵PID:9356
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe9⤵PID:3376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe10⤵PID:6004
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe11⤵PID:2592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe12⤵PID:5704
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe13⤵PID:7016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe14⤵PID:5024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe15⤵PID:4316
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 7209⤵
- Program crash
PID:4984
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2692 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exe9⤵PID:4272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe10⤵PID:5660
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe11⤵PID:6072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe12⤵PID:2836
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe13⤵PID:6288
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe14⤵PID:6768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe15⤵PID:2848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe16⤵PID:7232
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe17⤵PID:4548
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe18⤵PID:5056
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54250.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54250.exe19⤵PID:5016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe20⤵PID:2324
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe17⤵PID:7320
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe18⤵PID:7696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe19⤵PID:6644
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe9⤵PID:5692
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe10⤵PID:5916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe11⤵PID:6196
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe12⤵PID:4272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe13⤵PID:3976
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe14⤵PID:2844
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe15⤵PID:7720
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe16⤵PID:7408
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe17⤵PID:5484
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe18⤵PID:7600
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 7248⤵
- Program crash
PID:4856
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5112 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5032 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe9⤵PID:4308
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe10⤵PID:5908
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe11⤵PID:1896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe12⤵PID:6260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe13⤵PID:7140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe14⤵PID:5684
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe15⤵PID:4964
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe16⤵PID:8100
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe17⤵PID:5784
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe18⤵PID:7680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe19⤵PID:6508
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 60013⤵
- Program crash
PID:4800
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe9⤵PID:6048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe10⤵PID:2164
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe11⤵PID:5268
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe12⤵PID:6820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe13⤵PID:636
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe14⤵PID:5140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe15⤵PID:3360
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe16⤵PID:5980
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe17⤵PID:2264
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe18⤵PID:9164
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 7247⤵
- Program crash
PID:1644
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3124 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2100 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2912 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe9⤵PID:2904
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe10⤵PID:6016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe11⤵PID:5088
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe12⤵PID:5932
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe13⤵PID:6508
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe9⤵PID:6084
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 63610⤵
- Program crash
PID:4108
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2944 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe8⤵PID:6140
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe9⤵PID:1048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe10⤵PID:6632
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe11⤵PID:1476
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64600.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64600.exe12⤵PID:3172
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe13⤵PID:7276
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe14⤵PID:3696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe15⤵PID:5608
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe16⤵PID:312
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 7247⤵
- Program crash
PID:4916
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 7366⤵
- Program crash
PID:4268
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 7446⤵
- Program crash
PID:3588
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4676 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:224 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4356 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4508 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe9⤵PID:5008
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe10⤵PID:5632
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe11⤵PID:5352
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe12⤵PID:3200
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exe13⤵PID:3248
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe9⤵PID:5796
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe10⤵PID:5016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe11⤵PID:4700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe12⤵PID:1804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe13⤵PID:7160
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe14⤵PID:2312
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe15⤵PID:7248
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe16⤵PID:6080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe17⤵PID:5272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe18⤵PID:3928
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe16⤵PID:6024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe17⤵PID:8016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe18⤵PID:6680
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe8⤵PID:1460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe9⤵PID:5336
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe10⤵PID:3936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe11⤵PID:6680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe12⤵PID:6504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe13⤵PID:6444
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe14⤵PID:5392
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe15⤵PID:8084
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe16⤵PID:1504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe17⤵PID:6700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe18⤵PID:5916
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2696 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe8⤵PID:3528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe9⤵PID:4752
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe10⤵PID:4996
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exe11⤵PID:5964
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe11⤵PID:6608
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe12⤵PID:2468
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe13⤵PID:3188
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe14⤵PID:7700
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe15⤵PID:7564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe16⤵PID:6072
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe17⤵PID:6480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe18⤵PID:4536
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 6609⤵
- Program crash
PID:6008
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 7287⤵
- Program crash
PID:3676
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:648 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4512 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe8⤵PID:3224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe9⤵PID:5952
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe10⤵PID:4804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe11⤵PID:6220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe12⤵PID:2560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe13⤵PID:7116
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe14⤵PID:4032
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe15⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe16⤵PID:7440
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe17⤵PID:6068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe18⤵PID:7436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe19⤵PID:2448
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe20⤵PID:9400
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe8⤵PID:6040
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe9⤵PID:4644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe10⤵PID:5284
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57594.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57594.exe11⤵PID:6896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe12⤵PID:4500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe13⤵PID:6044
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe14⤵PID:536
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe15⤵PID:7272
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31526.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31526.exe16⤵PID:4580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe17⤵PID:6376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe18⤵PID:7992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe19⤵PID:9360
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe7⤵PID:1112
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe8⤵PID:1548
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33718.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33718.exe9⤵PID:2068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe10⤵PID:4940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe11⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe12⤵PID:7068
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe13⤵PID:5508
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe14⤵PID:7496
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe15⤵PID:5400
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe16⤵PID:6468
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe17⤵PID:8208
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 7688⤵
- Program crash
PID:6376
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 7445⤵
- Program crash
PID:4196
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 7405⤵
- Program crash
PID:5112
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51283.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51283.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1116 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4288 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2708 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3840 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe8⤵PID:4264
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe8⤵PID:4268
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe9⤵PID:6060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe10⤵PID:228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe11⤵PID:6624
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe12⤵PID:5892
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe13⤵PID:6876
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe14⤵PID:3324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe15⤵PID:6016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe16⤵PID:7788
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe17⤵PID:7936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe18⤵PID:4384
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe7⤵PID:4464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe8⤵PID:5640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-28518.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28518.exe9⤵PID:5204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe10⤵PID:5772
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe11⤵PID:6916
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10225.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10225.exe12⤵PID:6992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe13⤵PID:5376
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe14⤵PID:4120
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe15⤵PID:7324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe16⤵PID:5260
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 6246⤵
- Program crash
PID:4768
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 6326⤵
- Program crash
PID:3676
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 7165⤵
- Program crash
PID:4408
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 7205⤵
- Program crash
PID:1268
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 7244⤵
- Program crash
PID:4268
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 7524⤵
- Program crash
PID:5008
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4340 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5080 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:228 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1040 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-14589.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14589.exe8⤵PID:1552
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe9⤵PID:1204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe10⤵PID:5192
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe11⤵PID:6244
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe12⤵PID:4728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe13⤵PID:5324
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe14⤵PID:2436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe15⤵PID:5464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe16⤵PID:7868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe17⤵PID:5652
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe18⤵PID:7304
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 6368⤵
- Program crash
PID:2232
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 6327⤵
- Program crash
PID:3988
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3604 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe7⤵PID:2176
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe8⤵PID:5512
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe9⤵PID:820
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe10⤵PID:6204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe11⤵PID:4428
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe12⤵PID:6804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe13⤵PID:6040
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe14⤵PID:7208
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe15⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe16⤵PID:2300
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe17⤵PID:5172
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 7167⤵
- Program crash
PID:5604
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 7326⤵
- Program crash
PID:220
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3092 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4940 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exe7⤵PID:464
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe8⤵PID:5156
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23666.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23666.exe9⤵PID:2100
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe10⤵PID:5148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59732.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59732.exe11⤵PID:6824
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe12⤵PID:6492
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe13⤵PID:3644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exe14⤵PID:1548
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe15⤵PID:5764
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe16⤵PID:7688
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe17⤵PID:4320
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe6⤵PID:2576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe7⤵PID:4728
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe8⤵PID:5396
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe9⤵PID:6112
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe10⤵PID:6168
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe11⤵PID:6852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe12⤵PID:6880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe13⤵PID:5800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe14⤵PID:7500
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe15⤵PID:3800
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe16⤵PID:5648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe17⤵PID:7608
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2456.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2456.exe7⤵PID:5364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe8⤵PID:5528
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe9⤵PID:4104
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe10⤵PID:6676
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe11⤵PID:5224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe12⤵PID:5356
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe13⤵PID:8168
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe14⤵PID:7972
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe15⤵PID:5628
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe16⤵PID:6172
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 7525⤵
- Program crash
PID:3872
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 7365⤵
- Program crash
PID:2040
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-26140.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26140.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1684 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5072 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3732 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe7⤵PID:864
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe8⤵PID:5404
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe9⤵PID:392
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe10⤵PID:6160
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe11⤵PID:6132
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe12⤵PID:5576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe13⤵PID:1108
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe14⤵PID:8024
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64006.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64006.exe15⤵PID:5220
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe16⤵PID:7940
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe17⤵PID:6244
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe18⤵PID:8232
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe7⤵PID:5504
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41118.exe8⤵PID:1740
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe9⤵PID:1992
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe10⤵PID:6948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe11⤵PID:5012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe12⤵PID:7148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe13⤵PID:5984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe14⤵PID:2564
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe15⤵PID:7228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe16⤵PID:6460
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe17⤵PID:4408
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe6⤵PID:3896
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe7⤵PID:5968
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe8⤵PID:5880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe9⤵PID:6268
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe10⤵PID:6252
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe11⤵PID:5852
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe12⤵PID:1204
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe13⤵PID:8036
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe14⤵PID:3632
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe15⤵PID:7592
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe16⤵PID:7692
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 7806⤵
- Program crash
PID:5828
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 6605⤵
- Program crash
PID:1692
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 7164⤵
- Program crash
PID:2916
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 7204⤵
- Program crash
PID:2992
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 7163⤵
- Program crash
PID:616
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 7443⤵
- Program crash
PID:2620
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3696 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:724 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-52228.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-52228.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4952 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3044 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2140 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe8⤵PID:1256
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe9⤵PID:2356
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe10⤵PID:2840
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe11⤵PID:6180
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe12⤵PID:7124
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe13⤵PID:5588
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe14⤵PID:5364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe15⤵PID:5568
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe16⤵PID:7736
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe17⤵PID:8012
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe7⤵PID:2740
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe8⤵PID:3976
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe9⤵PID:2872
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe10⤵PID:1116
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe11⤵PID:6580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe12⤵PID:6576
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe13⤵PID:1756
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe14⤵PID:3880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10713.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10713.exe15⤵PID:5848
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe16⤵PID:7240
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe17⤵PID:3040
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe18⤵PID:6344
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe19⤵PID:3044
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 62810⤵
- Program crash
PID:5540
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 7247⤵
- Program crash
PID:2492
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3904 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exe7⤵PID:4372
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe8⤵PID:5152
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe9⤵PID:5080
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe10⤵PID:6212
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe11⤵PID:1636
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe12⤵PID:2944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-8217.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-8217.exe13⤵PID:5200
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exe14⤵PID:2696
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe15⤵PID:7984
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe16⤵PID:8176
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe17⤵PID:7184
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe18⤵PID:7588
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 6048⤵
- Program crash
PID:5556
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 6566⤵
- Program crash
PID:3588
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 7165⤵
- Program crash
PID:2576
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 7245⤵
- Program crash
PID:3532
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3528 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-26930.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-26930.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4844 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2620 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exe7⤵PID:4936
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe8⤵PID:3584
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe9⤵PID:2012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe10⤵PID:6228
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe11⤵PID:6664
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe12⤵PID:6924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe13⤵PID:6640
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe14⤵PID:8048
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe15⤵PID:3648
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe16⤵PID:5148
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe17⤵PID:5804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe18⤵PID:9328
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-43732.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-43732.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2844 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe7⤵PID:2016
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe8⤵PID:4580
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe9⤵PID:4724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exe10⤵PID:4108
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe10⤵PID:1480
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe11⤵PID:4768
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe12⤵PID:4556
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe13⤵PID:8076
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe14⤵PID:8060
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe15⤵PID:4264
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe16⤵PID:9228
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 63610⤵
- Program crash
PID:7364
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:456 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe6⤵PID:3260
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47044.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47044.exe7⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-3053.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-3053.exe8⤵PID:5596
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe9⤵PID:4356
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe10⤵PID:6868
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe11⤵PID:5436
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe12⤵PID:5960
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe13⤵PID:2908
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe14⤵PID:8092
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe15⤵PID:5944
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe16⤵PID:6136
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe17⤵PID:3432
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe18⤵PID:5612
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 63210⤵
- Program crash
PID:6112
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 7245⤵
- Program crash
PID:3912
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 6604⤵
- Program crash
PID:2952
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 6324⤵
- Program crash
PID:4148
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4856 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1204 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2684 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2468 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe7⤵PID:1012
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe8⤵PID:5436
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe7⤵PID:5680
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe6⤵PID:4724
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe7⤵PID:5292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe8⤵PID:5900
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe9⤵PID:4796
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe10⤵PID:6364
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe11⤵PID:2236
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe12⤵PID:6740
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe13⤵PID:1544
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe14⤵PID:7756
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe15⤵PID:6812
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe16⤵PID:8152
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe17⤵PID:900
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 7205⤵
- Program crash
PID:3752
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:748 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1584 -
C:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exe6⤵PID:4280
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe7⤵PID:5224
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe8⤵PID:5804
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-33718.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-33718.exe9⤵PID:4948
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe10⤵PID:6152
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe11⤵PID:6560
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe12⤵PID:1220
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe5⤵PID:2680
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe6⤵PID:5164
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe7⤵PID:5924
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe8⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe9⤵PID:6188
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe10⤵PID:6732
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe11⤵PID:5244
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe12⤵PID:5556
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe13⤵PID:7292
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe14⤵PID:5880
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe15⤵PID:7780
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-19606.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-19606.exe16⤵PID:3052
-
C:\Users\Admin\AppData\Local\Temp\Unicorn-23026.exeC:\Users\Admin\AppData\Local\Temp\Unicorn-23026.exe17⤵PID:6972
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 72410⤵
- Program crash
PID:3956
-
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 6486⤵
- Program crash
PID:5848
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 6245⤵
- Program crash
PID:3744
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 7243⤵
- Program crash
PID:1256
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 7363⤵
- Program crash
PID:4280
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 7242⤵
- Program crash
PID:4424
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 7402⤵
- Program crash
PID:3224
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4328 -ip 43281⤵PID:5004
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4328 -ip 43281⤵PID:2684
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1756 -ip 17561⤵PID:820
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1756 -ip 17561⤵PID:4012
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3752 -ip 37521⤵PID:4384
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3696 -ip 36961⤵PID:2500
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3752 -ip 37521⤵PID:4316
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3696 -ip 36961⤵PID:4284
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3324 -ip 33241⤵PID:4960
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2140 -ip 21401⤵PID:3580
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4340 -ip 43401⤵PID:5072
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3324 -ip 33241⤵PID:2836
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2140 -ip 21401⤵PID:968
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4340 -ip 43401⤵PID:3128
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4404 -ip 44041⤵PID:3340
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1116 -ip 11161⤵PID:1644
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 724 -ip 7241⤵PID:4272
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 1480 -ip 14801⤵PID:4284
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4856 -ip 48561⤵PID:5116
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 4856 -ip 48561⤵PID:2944
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4404 -ip 44041⤵PID:1688
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 1116 -ip 11161⤵PID:2852
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1480 -ip 14801⤵PID:3936
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 724 -ip 7241⤵PID:3016
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2280 -ip 22801⤵PID:396
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1684 -ip 16841⤵PID:4600
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4288 -ip 42881⤵PID:4272
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1204 -ip 12041⤵PID:3988
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4676 -ip 46761⤵PID:4696
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4952 -ip 49521⤵PID:464
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 5080 -ip 50801⤵PID:1508
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3528 -ip 35281⤵PID:4408
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4676 -ip 46761⤵PID:2576
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4952 -ip 49521⤵PID:4500
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5080 -ip 50801⤵PID:4680
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3528 -ip 35281⤵PID:2228
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2280 -ip 22801⤵PID:4584
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 1684 -ip 16841⤵PID:1164
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4288 -ip 42881⤵PID:2300
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1204 -ip 12041⤵PID:5004
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4204 -ip 42041⤵PID:5048
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 228 -ip 2281⤵PID:5004
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4844 -ip 48441⤵PID:2460
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 224 -ip 2241⤵PID:4728
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 3044 -ip 30441⤵PID:3140
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3124 -ip 31241⤵PID:4600
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 3092 -ip 30921⤵PID:636
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 748 -ip 7481⤵PID:4964
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 2684 -ip 26841⤵PID:1884
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 2708 -ip 27081⤵PID:4884
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4204 -ip 42041⤵PID:3532
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 228 -ip 2281⤵PID:1984
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3092 -ip 30921⤵PID:3248
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2952 -ip 29521⤵PID:3144
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5072 -ip 50721⤵PID:2264
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5112 -ip 51121⤵PID:2276
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2100 -ip 21001⤵PID:2156
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4844 -ip 48441⤵PID:4944
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 5072 -ip 50721⤵PID:5020
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4940 -ip 49401⤵PID:3248
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2140 -ip 21401⤵PID:5256
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2620 -ip 26201⤵PID:5332
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1584 -ip 15841⤵PID:5360
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3904 -ip 39041⤵PID:5480
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1040 -ip 10401⤵PID:5552
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2952 -ip 29521⤵PID:5616
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2100 -ip 21001⤵PID:5728
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5112 -ip 51121⤵PID:5776
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 456 -ip 4561⤵PID:5836
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3604 -ip 36041⤵PID:5848
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 2708 -ip 27081⤵PID:6068
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4940 -ip 49401⤵PID:2264
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2684 -ip 26841⤵PID:4248
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 224 -ip 2241⤵PID:5352
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2140 -ip 21401⤵PID:4656
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 648 -ip 6481⤵PID:5488
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 1584 -ip 15841⤵PID:5256
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 3904 -ip 39041⤵PID:5748
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2620 -ip 26201⤵PID:5744
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 748 -ip 7481⤵PID:5004
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3044 -ip 30441⤵PID:5996
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 3124 -ip 31241⤵PID:5616
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 456 -ip 4561⤵PID:5980
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2696 -ip 26961⤵PID:4408
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4356 -ip 43561⤵PID:5216
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 648 -ip 6481⤵PID:5836
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 2740 -ip 27401⤵PID:4688
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3840 -ip 38401⤵PID:5668
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 2680 -ip 26801⤵PID:2708
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4280 -ip 42801⤵PID:4656
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4272 -ip 42721⤵PID:5144
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 4724 -ip 47241⤵PID:6024
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 3260 -ip 32601⤵PID:4928
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 464 -ip 4641⤵PID:5488
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3992 -ip 39921⤵PID:4104
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2696 -ip 26961⤵PID:6128
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4356 -ip 43561⤵PID:2276
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 3840 -ip 38401⤵PID:2156
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 2740 -ip 27401⤵PID:6092
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2680 -ip 26801⤵PID:4796
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4272 -ip 42721⤵PID:5284
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4280 -ip 42801⤵PID:2708
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5008 -ip 50081⤵PID:224
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 4724 -ip 47241⤵PID:4740
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4512 -ip 45121⤵PID:1992
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 3224 -ip 32241⤵PID:4348
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3260 -ip 32601⤵PID:5452
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 464 -ip 4641⤵PID:5180
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 1552 -ip 15521⤵PID:5340
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5032 -ip 50321⤵PID:3840
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4372 -ip 43721⤵PID:5212
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 3992 -ip 39921⤵PID:5624
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4508 -ip 45081⤵PID:5892
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4728 -ip 47281⤵PID:5836
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 1040 -ip 10401⤵PID:5772
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 4936 -ip 49361⤵PID:4104
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4464 -ip 44641⤵PID:4940
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 1256 -ip 12561⤵PID:1992
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 884 -p 3376 -ip 33761⤵PID:5960
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2176 -ip 21761⤵PID:1880
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2844 -ip 28441⤵PID:5588
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 3896 -ip 38961⤵PID:5672
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 2468 -ip 24681⤵PID:4384
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1012 -ip 10121⤵PID:5932
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4992 -ip 49921⤵PID:2280
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 5436 -ip 54361⤵PID:2696
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2692 -ip 26921⤵PID:4940
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 864 -ip 8641⤵PID:4880
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5680 -ip 56801⤵PID:1880
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4272 -ip 42721⤵PID:5772
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 2904 -ip 29041⤵PID:1948
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 3732 -ip 37321⤵PID:5340
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2576 -ip 25761⤵PID:3472
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5224 -ip 52241⤵PID:2708
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2912 -ip 29121⤵PID:3032
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4308 -ip 43081⤵PID:4108
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 5164 -ip 51641⤵PID:2740
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5292 -ip 52921⤵PID:5020
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6084 -ip 60841⤵PID:6280
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 4512 -ip 45121⤵PID:6344
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5008 -ip 50081⤵PID:6420
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 3224 -ip 32241⤵PID:6508
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 1552 -ip 15521⤵PID:6560
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 5032 -ip 50321⤵PID:6716
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 3604 -ip 36041⤵PID:6840
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 2944 -ip 29441⤵PID:6932
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 1112 -ip 11121⤵PID:6976
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 996 -p 4268 -ip 42681⤵PID:7064
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 992 -p 1460 -ip 14601⤵PID:7096
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 3976 -ip 39761⤵PID:7120
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 4508 -ip 45081⤵PID:7140
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 4728 -ip 47281⤵PID:5180
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1088 -p 5660 -ip 56601⤵PID:6176
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 5632 -ip 56321⤵PID:5096
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4936 -ip 49361⤵PID:3964
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 1256 -ip 12561⤵PID:6344
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 4464 -ip 44641⤵PID:6780
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 5156 -ip 51561⤵PID:6616
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 3376 -ip 33761⤵PID:6652
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1084 -p 3528 -ip 35281⤵PID:6884
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6004 -ip 60041⤵PID:6424
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5400 -ip 54001⤵PID:4532
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 1644 -ip 16441⤵PID:6856
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 6040 -ip 60401⤵PID:6920
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 2176 -ip 21761⤵PID:6992
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1160 -p 2844 -ip 28441⤵PID:7104
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 3896 -ip 38961⤵PID:3648
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1200 -p 2468 -ip 24681⤵PID:4020
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2016 -ip 20161⤵PID:6348
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 1012 -ip 10121⤵PID:6704
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5364 -ip 53641⤵PID:5660
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1220 -p 4992 -ip 49921⤵PID:2072
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1248 -p 5436 -ip 54361⤵PID:6880
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1232 -p 2692 -ip 26921⤵PID:3376
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1280 -p 864 -ip 8641⤵PID:6564
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1296 -p 5680 -ip 56801⤵PID:552
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3732 -ip 37321⤵PID:4252
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1196 -p 2904 -ip 29041⤵PID:2500
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1152 -p 5224 -ip 52241⤵PID:7136
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 2576 -ip 25761⤵PID:1628
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6016 -ip 60161⤵PID:6604
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 6048 -ip 60481⤵PID:3872
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5640 -ip 56401⤵PID:1520
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5336 -ip 53361⤵PID:6740
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2872 -ip 28721⤵PID:6668
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1148 -p 1204 -ip 12041⤵PID:6940
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1368 -p 4308 -ip 43081⤵PID:6348
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 2912 -ip 29121⤵PID:1844
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5292 -ip 52921⤵PID:6876
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1324 -p 5164 -ip 51641⤵PID:4792
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1128 -p 6084 -ip 60841⤵PID:1768
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2944 -ip 29441⤵PID:6776
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 1112 -ip 11121⤵PID:6424
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2592 -ip 25921⤵PID:7092
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 4644 -ip 46441⤵PID:660
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 6072 -ip 60721⤵PID:3340
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1324 -p 4268 -ip 42681⤵PID:3376
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 6036 -ip 60361⤵PID:1012
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4752 -ip 47521⤵PID:6564
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4580 -ip 45801⤵PID:4252
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 4328 -ip 43281⤵PID:3880
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5352 -ip 53521⤵PID:408
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1244 -p 1460 -ip 14601⤵PID:3004
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 840 -p 3976 -ip 39761⤵PID:5656
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5632 -ip 56321⤵PID:6764
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 5880 -ip 58801⤵PID:5820
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1400 -p 5156 -ip 51561⤵PID:648
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5204 -ip 52041⤵PID:5008
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 1116 -ip 11161⤵PID:2576
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 1740 -ip 17401⤵PID:5960
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1372 -p 6140 -ip 61401⤵PID:4680
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1216 -p 228 -ip 2281⤵PID:3132
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 3936 -ip 39361⤵PID:2940
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 392 -ip 3921⤵PID:4316
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5192 -ip 51921⤵PID:3812
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 5528 -ip 55281⤵PID:4208
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 4948 -ip 49481⤵PID:5168
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6004 -ip 60041⤵PID:1880
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5400 -ip 54001⤵PID:3340
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4412 -ip 44121⤵PID:6072
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1292 -p 3528 -ip 35281⤵PID:3656
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1448 -p 1644 -ip 16441⤵PID:5228
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1464 -p 6040 -ip 60401⤵PID:6744
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 2016 -ip 20161⤵PID:4676
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5364 -ip 53641⤵PID:5168
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1520 -p 5900 -ip 59001⤵PID:5540
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1560 -p 6048 -ip 60481⤵PID:5400
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6016 -ip 60161⤵PID:4984
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5640 -ip 56401⤵PID:548
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1516 -p 2872 -ip 28721⤵PID:4264
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1520 -p 1204 -ip 12041⤵PID:2844
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1584 -p 1548 -ip 15481⤵PID:5236
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5336 -ip 53361⤵PID:1748
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1600 -p 5796 -ip 57961⤵PID:6904
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1556 -p 5952 -ip 59521⤵PID:5792
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1432 -p 5804 -ip 58041⤵PID:6716
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 984 -p 5404 -ip 54041⤵PID:5904
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5908 -ip 59081⤵PID:3416
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1348 -p 6060 -ip 60601⤵PID:3696
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1620 -p 5512 -ip 55121⤵PID:5400
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2356 -ip 23561⤵PID:5848
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1456 -p 5504 -ip 55041⤵PID:5864
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1488 -p 5152 -ip 51521⤵PID:2940
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1540 -p 2100 -ip 21001⤵PID:4968
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5692 -ip 56921⤵PID:6004
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1556 -p 5596 -ip 55961⤵PID:5580
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1664 -p 5568 -ip 55681⤵PID:5420
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1364 -p 3584 -ip 35841⤵PID:4188
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1692 -p 5968 -ip 59681⤵PID:5168
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5396 -ip 53961⤵PID:6056
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 5924 -ip 59241⤵PID:5856
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 2592 -ip 25921⤵PID:536
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1556 -p 4644 -ip 46441⤵PID:3648
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1604 -p 6036 -ip 60361⤵PID:388
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 4752 -ip 47521⤵PID:4968
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4580 -ip 45801⤵PID:5976
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1568 -p 4328 -ip 43281⤵PID:3432
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5352 -ip 53521⤵PID:5424
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1492 -p 5204 -ip 52041⤵PID:3128
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5880 -ip 58801⤵PID:1552
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1588 -p 1116 -ip 11161⤵PID:7188
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 6140 -ip 61401⤵PID:7196
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1576 -p 1740 -ip 17401⤵PID:7352
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1552 -p 3936 -ip 39361⤵PID:7488
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1560 -p 228 -ip 2281⤵PID:7516
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5192 -ip 51921⤵PID:7688
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1460 -p 392 -ip 3921⤵PID:7732
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4948 -ip 49481⤵PID:7780
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5528 -ip 55281⤵PID:7816
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4412 -ip 44121⤵PID:7852
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3200 -ip 32001⤵PID:7920
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1648 -p 5080 -ip 50801⤵PID:7928
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 4372 -ip 43721⤵PID:7956
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1380 -p 5088 -ip 50881⤵PID:8068
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1592 -p 6112 -ip 61121⤵PID:5972
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1092 -p 2068 -ip 20681⤵PID:5316
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 820 -ip 8201⤵PID:5636
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4804 -ip 48041⤵PID:4752
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 2104 -ip 21041⤵PID:6128
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 2840 -ip 28401⤵PID:7288
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1640 -p 5016 -ip 50161⤵PID:7376
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1532 -p 2164 -ip 21641⤵PID:7532
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 1896 -ip 18961⤵PID:5352
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1388 -p 2012 -ip 20121⤵PID:7732
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 5916 -ip 59161⤵PID:1464
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4796 -ip 47961⤵PID:2100
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1640 -p 4356 -ip 43561⤵PID:8012
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1384 -p 5148 -ip 51481⤵PID:5360
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1364 -p 5284 -ip 52841⤵PID:1508
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5704 -ip 57041⤵PID:5500
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1668 -p 6188 -ip 61881⤵PID:2080
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1528 -p 4104 -ip 41041⤵PID:7692
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 2836 -ip 28361⤵PID:6752
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1124 -p 1048 -ip 10481⤵PID:4800
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 6204 -ip 62041⤵PID:7592
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 4700 -ip 47001⤵PID:5300
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 6580 -ip 65801⤵PID:4320
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6236 -ip 62361⤵PID:8016
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 6212 -ip 62121⤵PID:5804
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 4940 -ip 49401⤵PID:6372
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6244 -ip 62441⤵PID:4072
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1488 -p 5772 -ip 57721⤵PID:5088
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 6160 -ip 61601⤵PID:6028
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 6180 -ip 61801⤵PID:5260
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6220 -ip 62201⤵PID:2836
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1992 -ip 19921⤵PID:7844
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6680 -ip 66801⤵PID:5300
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1560 -p 6364 -ip 63641⤵PID:5928
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7016 -ip 70161⤵PID:1112
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1048 -p 6152 -ip 61521⤵PID:3716
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1400 -p 6268 -ip 62681⤵PID:5804
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1228 -p 4996 -ip 49961⤵PID:4536
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1720 -p 6624 -ip 66241⤵PID:7692
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6168 -ip 61681⤵PID:2232
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1728 -p 6260 -ip 62601⤵PID:5300
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1512 -p 4724 -ip 47241⤵PID:4384
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1192 -p 5268 -ip 52681⤵PID:3908
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 6508 -ip 65081⤵PID:6912
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1668 -p 5932 -ip 59321⤵PID:6684
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1176 -p 6196 -ip 61961⤵PID:1836
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 6868 -ip 68681⤵PID:5000
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1356 -p 4728 -ip 47281⤵PID:1628
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1656 -p 5892 -ip 58921⤵PID:8000
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1260 -p 6824 -ip 68241⤵PID:1420
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6948 -ip 69481⤵PID:8316
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1608 -p 6992 -ip 69921⤵PID:8324
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 1636 -ip 16361⤵PID:4728
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 6896 -ip 68961⤵PID:8296
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1320 -p 6732 -ip 67321⤵PID:8276
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 1468 -p 6228 -ip 62281⤵PID:9268
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
468KB
MD5e6b026228c90921ae0904765d89a57d4
SHA1ddddf4722686e957136e77d0d06aa8a1dad03857
SHA256a1749ca98d4f4518c8e1788e0dc6c049fcae9fad5206cff74fa50f1a3c296b97
SHA5121f80b3da18f24e0cb533d0c8fd17efaa703a0e444ca669468c23e3ecbe74d10de680ce108df0d1db5e510e15975e40090b025e204349b1b538792c862bf34b41
-
Filesize
468KB
MD5962941552ac02489aa00ad563e26f5a4
SHA1d28b8969a4718bfa69bee29a7b7f5515418cb2ea
SHA2562c25c10b442d2f463713b08bb8033353036c3a05a0a6c1c4fc97fed7b6498b45
SHA5127fb031789a08aceadd2621569a708a3cb839862287abbadc263aa4b8f28ac2447aa6231f2bdc135c235bd3177b665d02513acf3d131fda57687334ae9857af8d
-
Filesize
468KB
MD51fc106262aa0c97c87d9e12b0171fc6c
SHA14c8dd3758300422606cb9c950efb943c4bdf4c01
SHA25679b3fa8677aa34c208839135e4acda0a5a9f448c82b1377e6eaa2cd8f9c073c5
SHA512ece5237eb53c7d10416f0ffbc6face96005740cc6b256031d0e9bac45e8c78b5ec1df75daa5ee58f381da2568df8880c48b57619b261d2e9dbec0e3f4fda526f
-
Filesize
468KB
MD531ca67778ab37050aba72bd2bf6141d7
SHA155e12bfa661cf7b0e15c763dd3942cb5b0b98cdb
SHA25640c82dd359b44c415442ab6d50c41262d610cd66e2c09cdcf496055fd793bdce
SHA512cbbc2d732d7a76162ce954127883b8f55592a0762c9b27f3638876e098e15e1996edafd6a2896d73e016a13bcb761eac49e43bbd9b08e273f8b454a1deab6271
-
Filesize
468KB
MD565ef0f8ad930c4be46b3dbbe3cd00c13
SHA1804726513eebabd35879fac7adf59dbeaf4ec096
SHA256a0fe19cefdda835b4a8de96fc4f0017eb77a6f290b6ab4fb2a47340a4e6ba7a6
SHA51238fbd43690ae1687dbe632874c2d25e3b5ae60e76f8f7ee80a7c41b7503be673da2b7c5e96219f1df658aad28376ff99f9782d949f6bdb16e2daf1764df212b2
-
Filesize
468KB
MD54401b3d6d9dc2ae570b4942784838109
SHA141dc7d4eee3864cda38477bbd2ea81642b64bad0
SHA25640ab204b6104860df9f139bc7c886f3a090585f1db7e5ea42b6d487ed5407bd3
SHA512875f93cd9374d9881544abd064e3f101b77f9dcd176ea7b262754e18ba716562f3b90c7b726b2064f2c12d6cd4225afe324fdfe0277a63cc3c500923b2571734
-
Filesize
468KB
MD5e9d3adf3eb9342533d2c497a17b9507b
SHA10dbd039393aa80f0c1c746490c00991e9738ff6e
SHA25676258282542c10129a6afb0a66110eeb0ef5aab398ac657e7757effa411d2279
SHA512d108ca88d56b2b6ee7aaaf79e23385cadb4a438609e3820651e245329c73767afee974df9bf9a4c4215502d4d6f9877326c859aae3d35992b0f769095d1e0d4a
-
Filesize
468KB
MD5dcefa2a224868684c96b806727533a04
SHA17f7de199da2c0be0624c9eda45696784fa8a14c0
SHA2565f0baf56d9053b2e79c2da27a3d2fb8323343b4b81ef2611d5cf5789df160a9a
SHA512f33dfee128832fab314b4537324dad5174a2d67c8aa26d71b246c6af0ad790630bac692ddff495298558289b766a6be48c396f31f0576c3766ec2a3a298ccc11
-
Filesize
468KB
MD5f9666c7c52f577c91d821da189b7fa61
SHA1ae9b8267a4f54d1908d02d601e87b84bdc46dfec
SHA256c2b7f322b90af05612e48d367783d017cc9c44279644627e8a0ea58c1a56de4e
SHA512048bd99092bb15e3cadef151ea616f5b43c09382a1ce93728e6763b64080bd6db38baaeec55737ae0384d86a406cbb2e03ac01c06a27ee6c5b68771b796cabcf
-
Filesize
468KB
MD5e89a41c2c838305e7cb18aae60b3c89f
SHA191df59a84cb39fee406f5e4f16dc35d16ac6151c
SHA256c58027c781e89c077c5d30508f87f689ca25f11284de9781ab27eb3ec2b22b21
SHA512199ea8474e6406d4068ec04993339338a2982db7092c4f48b37f9e15834d42d3918e632017ae704a98e4bde1b40ac8ecf583e56852b368932c10ec7ff2254324
-
Filesize
468KB
MD5f1da60369cae9fd7d72f56401486c355
SHA1665c014e9848c79569debc630784f30721dd8e38
SHA25643bc50de19799039b8ba55462f839c301b8bed840ff59923a9b6012faf436ab3
SHA512ab3ac94b8c031d92cb8a5a54e85c89e8fcbfcae5213829e34853bf362da46916b9ead4091f773251522d7ce9b7b70267e481a1362dd594d08e556ad4cca0308b
-
Filesize
468KB
MD5582774ebed4aa9e89393477f6297662f
SHA194535d30af928e82d648ad3f4faef69f1fc58312
SHA2566e952711669524c8bb8d0ded1db8b24717c0b7c543d60b16412873e9e0d9fc31
SHA512637263b3563ad8663a4e7119a0f3eedcb3e390348742b39571256f3c03a0e6e77761550698edd3a80acacce69ad36948562d9a3fb17a5d328c5c32eda33d75a2
-
Filesize
468KB
MD572dfa71ad7852391a21f58b81d82f29b
SHA129585b37020fdcb3b7ec06a8de79a92ffd1c0ba9
SHA256b31aaecf4825d98312d046fbdb83de75ff9fbc33374c42f0314616c3caf9a815
SHA5122383c9535bac1d92e56de71c1f86cf9ce406e5683584f93038457eccc780eb8334b4064b6e958f47cc916845b95503958eb5ebd2117826c096dc78ac380bb286
-
Filesize
468KB
MD5bf94082a55b652b2668e110a3f59f907
SHA10c28465d234e28cbc41c7ed9f41e846a6c051f32
SHA256490113177cd50b19068df7f1110db5760eaad0317ddc408c26fa2bdb44c6932a
SHA512caf17ea9404d0d9806565b61a45166b84180af957d555a1e855f88982e149c91f467053ef11e3e23819c9350481a8872533a5734ca18323ca76640c740bcef33
-
Filesize
468KB
MD539eb2bef31c4e6c38d60c906c82c65d6
SHA1afa4c9b9e72a19c2ac1710df869f74fe7781a619
SHA256ac31b89c8326c71c52231afa278105ecd2edee37315e308db6a9650f47094294
SHA5121d9b68c20bbd25d3d7d2b69683faef41d7f8260e1c833000c0de3b837a01c8d69df95466cf98d05c89b01656b110b4b87ac64689bcc70dae27c903338d536056
-
Filesize
468KB
MD5687263dce2338c580e2560a656c31214
SHA19ea712a15de99bfa3087376d53e53693f8504574
SHA2567a1eac4a4e25144144eba1420ceaefdcd3589b613478b84ed428b98aaaaed444
SHA51256d9247034f2b5312cbbff88ddf32cf0973b357cb447f471ade6e47ecd5890cc55f2568e54ad9cc54a98eb77104cab68cffcdcdfc88ec5291d1706de6d17df82
-
Filesize
468KB
MD51b8b00e4408b0d30ea3b67caf88f84ad
SHA1b2df959940402a0d994a522546f9ea760348da14
SHA2568b4d36eec80008261df09fb867bcb656c3f188bd9ce68bf90efc186671cd9bb4
SHA51267b6ac382fb328f1f8a81f5eef00df81299ea2c676880d7a868b8a4768ddfad4c6272426b1ccc26f871fd0287419c232b865a2dbee4a4024be04fce9fe39e967
-
Filesize
468KB
MD501466c32e18a3b674afea847d6bbd888
SHA1f6339a0b4d2e071a9cf712f0cba8215c5ad75e8e
SHA256c02743662b6c25831fce94b6b02d91f49f5dff979eb721ce646d3b0a6ffa8e41
SHA5125a003135e1c360022fe2814f3aa22296cb46a27fb8eea73c672cd868763d0683f8e080e001b7611b0fd4bfce79c62b25d4d400b213dfdd3c5978acfb25f2f02b
-
Filesize
468KB
MD5e04874b6663cca1b212591dcf968138d
SHA104ed7e24d52cfd718857d7e0426fbbf83fd0fa34
SHA2562c5156a5848d886d2cf74c64e14d169cc532055e76f665779f6dc6e61c0f7639
SHA512a33048389c23d776b06329eaa41556fc24334fbd5a8bf05b5c966e15fb631eef8cd8760653c7e7a6e88467b616d54f3f41581e2e76636056474ae9f451d1620c
-
Filesize
468KB
MD5181a2709ff88e66ecc698f33cf607560
SHA1d9fcff1e82f9136231df21662e00865f15f312c3
SHA2561cb9d26fd715cc99a54eed6a96f88cd9418467f9d5009f64b15eb95881d8e584
SHA512b474a8dd9166062af3c904dadfe4b65036fedb1f667914b283bd2032e3717f5adcdf7bbef2d6f998da888790229b945aafa269282da968f0bee22a1198d6be5a
-
Filesize
468KB
MD51e76135f8bbfde70e39e827da3d1c2c8
SHA167f70edc65b8361d19b695f7d428db970b79e1d4
SHA25633a38fdd803ea8455898ebae30b34f30d2cb912e4e44d8192cbf406fe01ee8fa
SHA5120b19cb51c2f088fe3c40929e9993132228398218e6818afd3c92cb0d1ca3afc0ff0d4423a655f4672f235e4b4138366d2734ce1b17d4e3d0d46bdca6704e2fef
-
Filesize
468KB
MD5830cbf67f1e7cf6dd06282f995dcd312
SHA1486c60ae86aa4d205f19c632327aa084e2a1734f
SHA25638994b97080c99d2eb083e9a51b8577a2843b3f1056cd75344f6bb709f39f915
SHA512326453d86c908d43e53ac308b6d39a48d162878de396d36f476b4f904301718e5317b1c376d5867de96d9b00c5ef5a8871fb45af7c4695eb33d04e9e3e78bc35
-
Filesize
468KB
MD552317c20ae768e8dc7b82fb42df9024e
SHA16b39b6e94b6be640fdf033486aeae2f75547fa5e
SHA2560782b58161a29ff934dfa143d367aea851920d3e24700318e7a9fb123774e883
SHA5123d2dee006d57b55ad90261ec821ae3f51581ee7b0df956a51688ecbd19822e83bb6e0eb4dd92744bbd6adda8dce91e91bb2b6281551f917c90774548a5b938da
-
Filesize
468KB
MD57a87115bcad0f128b98f11b87431b966
SHA14b4b24fc75d6af571ba3f1740a1fc6339baa3f98
SHA256b3669f10105e5f0f7b552bed307214d7812f9f1e36d149abfbfc20ec3c5aa352
SHA51241098fca8a98afc9b16e72f9e8bb94e54196a7086fb0984bd741303efeb484250f0160725026478fc6b1713a0a1fde006689d68aa8ce08eb7d2f5b545dd87ace
-
Filesize
468KB
MD5e8bf5c6fa9f1d07ed1ed62157e29d199
SHA1f0ae642a5d3f00f134edaa3a9c3d49f326257bb7
SHA256c646aada4b960a3ad37ec7e20874890a669352000b58aa2b009a4eaefaca015d
SHA51233c951d479d4f99a8cd773258e8f62db1207a7a7dba1a5eaa64bc21e20f532ba456419c968ab6ad900846c29e37df8c46c55de0f99df57e6907f057b7db38665
-
Filesize
468KB
MD5aebf5ca1300df4171b506155c0db75b5
SHA1655dc6de61a7b3ad81c1f601567f70ae07d8d373
SHA256ca81a6a5594024269465aa1102c223881de3a002680f7a19d06ec47253d1ac97
SHA51223f6a0f83a5e747c7e77ead6568125d1a0ed8c9454dbf8a3c0f4ba9b469207d63e80f182cdbd042814b367f40c5e2b8cc04d1532b4bac0c078b2ae7957037645
-
Filesize
468KB
MD5c58effcc9c664a1153a63e01b7fe2dec
SHA1c89d3b1be9c7d9ba6d57b48d81812118f382e2b1
SHA256bb9178f53208e8b0847057faae7612d261f180bc51886e0e79863d354c16c49b
SHA512723664a262ee59a81aacebaef00ffe210f869f99ca3c48689816bed7f1f7431b42db27eb37a3cd8b5a1797896399e2e6ec1c9e8870b17a522e884b61126bac22
-
Filesize
468KB
MD5486b6903bd5fbf1691c2cd361e443158
SHA109fe1f4000de4ad58cb08f8682846b8bec056e59
SHA256d4ed7feab12b54c7ee22be4d06bae2c56e833d66ac46ce22980a70113c77c6c5
SHA512034a756bf4de5475f90ca4745fa02ac2aa8e71f1a789f86b06ea8fbfab0325fa263ad97cfbacc639dfb27b3589df5ad23573aabd176f51344dcfad6fc997702e
-
Filesize
468KB
MD5110532294c85571cbac06cf37f17d065
SHA164c22d208008a05fdf3467c8f2baa1f348079879
SHA25632d5a0bfc4fc5305df308cef1730ae57ef3c1f59161c3bfab40d840712fbd47b
SHA5121990bb7371a8116107ab5a7d6613aaa2835b222e1b93a11431fa450296c0922800121740180cd21f2b11237325dc7abbfe3198dd251cce99fb3cf8843af52347
-
Filesize
468KB
MD53f559f3632dd18b5a5b2c7b7d8e5f56d
SHA1a54c9d88574fa563850d3b6b08d12ea46aa95d0f
SHA256edaca72222e5df9065885510fd40d1fd345ceff63a41d248fb1a3e80c2ba0de3
SHA512383dec11ef6b484ad037816dda2b324dbe29805024913a5dd6817331acc6a244ba713fa7a8fddef852dcd2eaf93c2babd2e1a5699780a15eea0c107ceb4015a4