6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe
Size

184KB
MD5

8e33b4d52f7fcca63769cbbaede30a4c
SHA1

d741b48359b2d614368f0eeb77af862ca1e20d97
SHA256

6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7
SHA512

fcb3374c185321de78550d03edd9680868d643f0bb12fd018563f4576074c03ebc9e6ce39a16e2b14381e2ec21ff2dfb6b5215865501648f985e8e7f4d015d2c
SSDEEP

3072:xat3RFoWmb3vdFGxfHwLRtCOhlnViFFn3:xapoVVFGKLbCOhlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-35324.exeUnicorn-46268.exeUnicorn-596.exeUnicorn-7612.exeUnicorn-58204.exeUnicorn-8764.exeUnicorn-44966.exeUnicorn-14239.exeUnicorn-55355.exeUnicorn-14898.exeUnicorn-29843.exeUnicorn-18983.exeUnicorn-33949.exeUnicorn-31488.exeUnicorn-45708.exeUnicorn-64737.exeUnicorn-57960.exeUnicorn-62236.exeUnicorn-65334.exeUnicorn-14742.exeUnicorn-34608.exeUnicorn-55028.exeUnicorn-35162.exeUnicorn-28386.exeUnicorn-40830.exeUnicorn-10103.exeUnicorn-25048.exeUnicorn-29179.exeUnicorn-26487.exeUnicorn-26487.exeUnicorn-41431.exeUnicorn-38931.exeUnicorn-43015.exeUnicorn-57960.exeUnicorn-16373.exeUnicorn-31317.exeUnicorn-24541.exeUnicorn-32709.exeUnicorn-36601.exeUnicorn-51546.exeUnicorn-62449.exeUnicorn-44167.exeUnicorn-28385.exeUnicorn-48251.exeUnicorn-63196.exeUnicorn-36684.exeUnicorn-22486.exeUnicorn-61380.exeUnicorn-30654.exeUnicorn-65464.exeUnicorn-34738.exeUnicorn-49683.exeUnicorn-18956.exeUnicorn-53767.exeUnicorn-8095.exeUnicorn-12179.exeUnicorn-27124.exeUnicorn-51074.exeUnicorn-1058.exeUnicorn-58640.exeUnicorn-8048.exeUnicorn-5355.exeUnicorn-24384.exeUnicorn-25584.exe

pid	process
2468	Unicorn-35324.exe
2396	Unicorn-46268.exe
2700	Unicorn-596.exe
2784	Unicorn-7612.exe
2360	Unicorn-58204.exe
2208	Unicorn-8764.exe
1920	Unicorn-44966.exe
1884	Unicorn-14239.exe
2440	Unicorn-55355.exe
1808	Unicorn-14898.exe
1860	Unicorn-29843.exe
3060	Unicorn-18983.exe
2892	Unicorn-33949.exe
2452	Unicorn-31488.exe
1080	Unicorn-45708.exe
588	Unicorn-64737.exe
2804	Unicorn-57960.exe
2212	Unicorn-62236.exe
1384	Unicorn-65334.exe
1588	Unicorn-14742.exe
948	Unicorn-34608.exe
1776	Unicorn-55028.exe
2092	Unicorn-35162.exe
872	Unicorn-28386.exe
1604	Unicorn-40830.exe
1696	Unicorn-10103.exe
1056	Unicorn-25048.exe
2060	Unicorn-29179.exe
2800	Unicorn-26487.exe
2888	Unicorn-26487.exe
2796	Unicorn-41431.exe
2756	Unicorn-38931.exe
2532	Unicorn-43015.exe
1564	Unicorn-57960.exe
2124	Unicorn-16373.exe
268	Unicorn-31317.exe
2164	Unicorn-24541.exe
1724	Unicorn-32709.exe
236	Unicorn-36601.exe
2008	Unicorn-51546.exe
1872	Unicorn-62449.exe
2844	Unicorn-44167.exe
536	Unicorn-28385.exe
788	Unicorn-48251.exe
1796	Unicorn-63196.exe
444	Unicorn-36684.exe
1760	Unicorn-22486.exe
2880	Unicorn-61380.exe
1244	Unicorn-30654.exe
3032	Unicorn-65464.exe
2072	Unicorn-34738.exe
1628	Unicorn-49683.exe
2928	Unicorn-18956.exe
1788	Unicorn-53767.exe
2588	Unicorn-8095.exe
1316	Unicorn-12179.exe
2872	Unicorn-27124.exe
2640	Unicorn-51074.exe
2760	Unicorn-1058.exe
1868	Unicorn-58640.exe
2808	Unicorn-8048.exe
2284	Unicorn-5355.exe
2476	Unicorn-24384.exe
1704	Unicorn-25584.exe

Loads dropped DLL 64 IoCs

Processes:

6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exeUnicorn-35324.exeUnicorn-596.exeWerFault.exeWerFault.exeUnicorn-46268.exeUnicorn-7612.exeUnicorn-58204.exeWerFault.exeWerFault.exeUnicorn-8764.exeUnicorn-44966.exeUnicorn-14239.exeWerFault.exeWerFault.exeUnicorn-55355.exe

pid	process
2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe
2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe
2468	Unicorn-35324.exe
2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe
2468	Unicorn-35324.exe
2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe
2468	Unicorn-35324.exe
2468	Unicorn-35324.exe
2700	Unicorn-596.exe
2700	Unicorn-596.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2672	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2396	Unicorn-46268.exe
2396	Unicorn-46268.exe
2784	Unicorn-7612.exe
2360	Unicorn-58204.exe
2784	Unicorn-7612.exe
2360	Unicorn-58204.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
2208	Unicorn-8764.exe
2208	Unicorn-8764.exe
1920	Unicorn-44966.exe
2784	Unicorn-7612.exe
1920	Unicorn-44966.exe
2784	Unicorn-7612.exe
1884	Unicorn-14239.exe
1884	Unicorn-14239.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2440	Unicorn-55355.exe
2440	Unicorn-55355.exe
2208	Unicorn-8764.exe
2208	Unicorn-8764.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3048	2108	WerFault.exe	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe
2672	2700	WerFault.exe	Unicorn-596.exe
2964	2468	WerFault.exe	Unicorn-35324.exe
1896	2360	WerFault.exe	Unicorn-58204.exe
1452	2396	WerFault.exe	Unicorn-46268.exe
2840	1884	WerFault.exe	Unicorn-14239.exe
2288	2784	WerFault.exe	Unicorn-7612.exe
1088	3060	WerFault.exe	Unicorn-18983.exe
2344	2208	WerFault.exe	Unicorn-8764.exe
708	1920	WerFault.exe	Unicorn-44966.exe
2240	2804	WerFault.exe	Unicorn-57960.exe
2140	2440	WerFault.exe	Unicorn-55355.exe
2728	1808	WerFault.exe	Unicorn-14898.exe
2776	1860	WerFault.exe	Unicorn-29843.exe
1980	1604	WerFault.exe	Unicorn-40830.exe
2316	2892	WerFault.exe	Unicorn-33949.exe
1224	2452	WerFault.exe	Unicorn-31488.exe
2596	1080	WerFault.exe	Unicorn-45708.exe
1856	588	WerFault.exe	Unicorn-64737.exe
532	2212	WerFault.exe	Unicorn-62236.exe
1632	2164	WerFault.exe	Unicorn-24541.exe
2772	1564	WerFault.exe	Unicorn-57960.exe
1600	1384	WerFault.exe	Unicorn-65334.exe
1552	1588	WerFault.exe	Unicorn-14742.exe
2000	948	WerFault.exe	Unicorn-34608.exe
2180	2092	WerFault.exe	Unicorn-35162.exe
2380	1776	WerFault.exe	Unicorn-55028.exe
676	872	WerFault.exe	Unicorn-28386.exe
888	1056	WerFault.exe	Unicorn-25048.exe
868	1696	WerFault.exe	Unicorn-10103.exe
2956	1760	WerFault.exe	Unicorn-22486.exe
2376	3032	WerFault.exe	Unicorn-65464.exe
876	1244	WerFault.exe	Unicorn-30654.exe
1688	2060	WerFault.exe	Unicorn-29179.exe
2768	2800	WerFault.exe	Unicorn-26487.exe
2504	2888	WerFault.exe	Unicorn-26487.exe
1296	2796	WerFault.exe	Unicorn-41431.exe
1720	2532	WerFault.exe	Unicorn-43015.exe
2188	236	WerFault.exe	Unicorn-36601.exe
2328	2756	WerFault.exe	Unicorn-38931.exe
2664	268	WerFault.exe	Unicorn-31317.exe
2488	2124	WerFault.exe	Unicorn-16373.exe
1540	1724	WerFault.exe	Unicorn-32709.exe
1768	2008	WerFault.exe	Unicorn-51546.exe
3268	2540	WerFault.exe	Unicorn-62532.exe
3376	1872	WerFault.exe	Unicorn-62449.exe
3400	2844	WerFault.exe	Unicorn-44167.exe
3460	536	WerFault.exe	Unicorn-28385.exe
3476	1796	WerFault.exe	Unicorn-63196.exe
3568	444	WerFault.exe	Unicorn-36684.exe
3656	788	WerFault.exe	Unicorn-48251.exe
3748	2880	WerFault.exe	Unicorn-61380.exe
3772	2072	WerFault.exe	Unicorn-34738.exe
3804	2760	WerFault.exe	Unicorn-1058.exe
3796	1316	WerFault.exe	Unicorn-12179.exe
3852	2944	WerFault.exe	Unicorn-9823.exe
3160	2928	WerFault.exe	Unicorn-18956.exe
3220	2640	WerFault.exe	Unicorn-51074.exe
3992	2872	WerFault.exe	Unicorn-27124.exe
3236	1788	WerFault.exe	Unicorn-53767.exe
3728	2588	WerFault.exe	Unicorn-8095.exe
3956	1628	WerFault.exe	Unicorn-49683.exe
4216	1868	WerFault.exe	Unicorn-58640.exe
4332	640	WerFault.exe	Unicorn-8240.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exeUnicorn-35324.exeUnicorn-46268.exeUnicorn-596.exeUnicorn-7612.exeUnicorn-58204.exeUnicorn-8764.exeUnicorn-44966.exeUnicorn-14239.exeUnicorn-55355.exeUnicorn-14898.exeUnicorn-29843.exeUnicorn-18983.exeUnicorn-33949.exeUnicorn-31488.exeUnicorn-45708.exeUnicorn-64737.exeUnicorn-57960.exeUnicorn-62236.exeUnicorn-65334.exeUnicorn-34608.exeUnicorn-14742.exeUnicorn-55028.exeUnicorn-35162.exeUnicorn-28386.exeUnicorn-40830.exeUnicorn-10103.exeUnicorn-25048.exeUnicorn-29179.exeUnicorn-26487.exeUnicorn-26487.exeUnicorn-41431.exeUnicorn-38931.exeUnicorn-43015.exeUnicorn-57960.exeUnicorn-16373.exeUnicorn-31317.exeUnicorn-24541.exeUnicorn-32709.exeUnicorn-36601.exeUnicorn-51546.exeUnicorn-62449.exeUnicorn-44167.exeUnicorn-28385.exeUnicorn-48251.exeUnicorn-63196.exeUnicorn-36684.exeUnicorn-22486.exeUnicorn-61380.exeUnicorn-30654.exeUnicorn-65464.exeUnicorn-34738.exeUnicorn-49683.exeUnicorn-53767.exeUnicorn-8095.exeUnicorn-12179.exeUnicorn-27124.exeUnicorn-51074.exeUnicorn-1058.exeUnicorn-58640.exeUnicorn-8048.exeUnicorn-5355.exeUnicorn-24384.exeUnicorn-25584.exe

pid	process
2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe
2468	Unicorn-35324.exe
2396	Unicorn-46268.exe
2700	Unicorn-596.exe
2784	Unicorn-7612.exe
2360	Unicorn-58204.exe
2208	Unicorn-8764.exe
1920	Unicorn-44966.exe
1884	Unicorn-14239.exe
2440	Unicorn-55355.exe
1808	Unicorn-14898.exe
1860	Unicorn-29843.exe
3060	Unicorn-18983.exe
2892	Unicorn-33949.exe
2452	Unicorn-31488.exe
1080	Unicorn-45708.exe
588	Unicorn-64737.exe
2804	Unicorn-57960.exe
2212	Unicorn-62236.exe
1384	Unicorn-65334.exe
948	Unicorn-34608.exe
1588	Unicorn-14742.exe
1776	Unicorn-55028.exe
2092	Unicorn-35162.exe
872	Unicorn-28386.exe
1604	Unicorn-40830.exe
1696	Unicorn-10103.exe
1056	Unicorn-25048.exe
2060	Unicorn-29179.exe
2800	Unicorn-26487.exe
2888	Unicorn-26487.exe
2796	Unicorn-41431.exe
2756	Unicorn-38931.exe
2532	Unicorn-43015.exe
1564	Unicorn-57960.exe
2124	Unicorn-16373.exe
268	Unicorn-31317.exe
2164	Unicorn-24541.exe
1724	Unicorn-32709.exe
236	Unicorn-36601.exe
2008	Unicorn-51546.exe
1872	Unicorn-62449.exe
2844	Unicorn-44167.exe
536	Unicorn-28385.exe
788	Unicorn-48251.exe
1796	Unicorn-63196.exe
444	Unicorn-36684.exe
1760	Unicorn-22486.exe
2880	Unicorn-61380.exe
1244	Unicorn-30654.exe
3032	Unicorn-65464.exe
2072	Unicorn-34738.exe
1628	Unicorn-49683.exe
1788	Unicorn-53767.exe
2588	Unicorn-8095.exe
1316	Unicorn-12179.exe
2872	Unicorn-27124.exe
2640	Unicorn-51074.exe
2760	Unicorn-1058.exe
1868	Unicorn-58640.exe
2808	Unicorn-8048.exe
2284	Unicorn-5355.exe
2476	Unicorn-24384.exe
1704	Unicorn-25584.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exeUnicorn-35324.exeUnicorn-596.exeUnicorn-46268.exeUnicorn-7612.exeUnicorn-58204.exeUnicorn-8764.exeUnicorn-44966.exe

description	pid	process	target process
PID 2108 wrote to memory of 2468	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	Unicorn-35324.exe
PID 2108 wrote to memory of 2468	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	Unicorn-35324.exe
PID 2108 wrote to memory of 2468	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	Unicorn-35324.exe
PID 2108 wrote to memory of 2468	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	Unicorn-35324.exe
PID 2468 wrote to memory of 2700	2468	Unicorn-35324.exe	Unicorn-596.exe
PID 2468 wrote to memory of 2700	2468	Unicorn-35324.exe	Unicorn-596.exe
PID 2468 wrote to memory of 2700	2468	Unicorn-35324.exe	Unicorn-596.exe
PID 2468 wrote to memory of 2700	2468	Unicorn-35324.exe	Unicorn-596.exe
PID 2108 wrote to memory of 2396	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	Unicorn-46268.exe
PID 2108 wrote to memory of 2396	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	Unicorn-46268.exe
PID 2108 wrote to memory of 2396	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	Unicorn-46268.exe
PID 2108 wrote to memory of 2396	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	Unicorn-46268.exe
PID 2108 wrote to memory of 3048	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	WerFault.exe
PID 2108 wrote to memory of 3048	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	WerFault.exe
PID 2108 wrote to memory of 3048	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	WerFault.exe
PID 2108 wrote to memory of 3048	2108	6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe	WerFault.exe
PID 2468 wrote to memory of 2784	2468	Unicorn-35324.exe	Unicorn-7612.exe
PID 2468 wrote to memory of 2784	2468	Unicorn-35324.exe	Unicorn-7612.exe
PID 2468 wrote to memory of 2784	2468	Unicorn-35324.exe	Unicorn-7612.exe
PID 2468 wrote to memory of 2784	2468	Unicorn-35324.exe	Unicorn-7612.exe
PID 2700 wrote to memory of 2360	2700	Unicorn-596.exe	Unicorn-58204.exe
PID 2700 wrote to memory of 2360	2700	Unicorn-596.exe	Unicorn-58204.exe
PID 2700 wrote to memory of 2360	2700	Unicorn-596.exe	Unicorn-58204.exe
PID 2700 wrote to memory of 2360	2700	Unicorn-596.exe	Unicorn-58204.exe
PID 2700 wrote to memory of 2672	2700	Unicorn-596.exe	WerFault.exe
PID 2700 wrote to memory of 2672	2700	Unicorn-596.exe	WerFault.exe
PID 2700 wrote to memory of 2672	2700	Unicorn-596.exe	WerFault.exe
PID 2700 wrote to memory of 2672	2700	Unicorn-596.exe	WerFault.exe
PID 2468 wrote to memory of 2964	2468	Unicorn-35324.exe	WerFault.exe
PID 2468 wrote to memory of 2964	2468	Unicorn-35324.exe	WerFault.exe
PID 2468 wrote to memory of 2964	2468	Unicorn-35324.exe	WerFault.exe
PID 2468 wrote to memory of 2964	2468	Unicorn-35324.exe	WerFault.exe
PID 2396 wrote to memory of 2208	2396	Unicorn-46268.exe	Unicorn-8764.exe
PID 2396 wrote to memory of 2208	2396	Unicorn-46268.exe	Unicorn-8764.exe
PID 2396 wrote to memory of 2208	2396	Unicorn-46268.exe	Unicorn-8764.exe
PID 2396 wrote to memory of 2208	2396	Unicorn-46268.exe	Unicorn-8764.exe
PID 2784 wrote to memory of 1920	2784	Unicorn-7612.exe	Unicorn-44966.exe
PID 2784 wrote to memory of 1920	2784	Unicorn-7612.exe	Unicorn-44966.exe
PID 2784 wrote to memory of 1920	2784	Unicorn-7612.exe	Unicorn-44966.exe
PID 2784 wrote to memory of 1920	2784	Unicorn-7612.exe	Unicorn-44966.exe
PID 2360 wrote to memory of 1884	2360	Unicorn-58204.exe	Unicorn-14239.exe
PID 2360 wrote to memory of 1884	2360	Unicorn-58204.exe	Unicorn-14239.exe
PID 2360 wrote to memory of 1884	2360	Unicorn-58204.exe	Unicorn-14239.exe
PID 2360 wrote to memory of 1884	2360	Unicorn-58204.exe	Unicorn-14239.exe
PID 2360 wrote to memory of 1896	2360	Unicorn-58204.exe	WerFault.exe
PID 2360 wrote to memory of 1896	2360	Unicorn-58204.exe	WerFault.exe
PID 2360 wrote to memory of 1896	2360	Unicorn-58204.exe	WerFault.exe
PID 2360 wrote to memory of 1896	2360	Unicorn-58204.exe	WerFault.exe
PID 2396 wrote to memory of 1452	2396	Unicorn-46268.exe	WerFault.exe
PID 2396 wrote to memory of 1452	2396	Unicorn-46268.exe	WerFault.exe
PID 2396 wrote to memory of 1452	2396	Unicorn-46268.exe	WerFault.exe
PID 2396 wrote to memory of 1452	2396	Unicorn-46268.exe	WerFault.exe
PID 2208 wrote to memory of 2440	2208	Unicorn-8764.exe	Unicorn-55355.exe
PID 2208 wrote to memory of 2440	2208	Unicorn-8764.exe	Unicorn-55355.exe
PID 2208 wrote to memory of 2440	2208	Unicorn-8764.exe	Unicorn-55355.exe
PID 2208 wrote to memory of 2440	2208	Unicorn-8764.exe	Unicorn-55355.exe
PID 1920 wrote to memory of 1808	1920	Unicorn-44966.exe	Unicorn-14898.exe
PID 1920 wrote to memory of 1808	1920	Unicorn-44966.exe	Unicorn-14898.exe
PID 1920 wrote to memory of 1808	1920	Unicorn-44966.exe	Unicorn-14898.exe
PID 1920 wrote to memory of 1808	1920	Unicorn-44966.exe	Unicorn-14898.exe
PID 2784 wrote to memory of 1860	2784	Unicorn-7612.exe	Unicorn-29843.exe
PID 2784 wrote to memory of 1860	2784	Unicorn-7612.exe	Unicorn-29843.exe
PID 2784 wrote to memory of 1860	2784	Unicorn-7612.exe	Unicorn-29843.exe
PID 2784 wrote to memory of 1860	2784	Unicorn-7612.exe	Unicorn-29843.exe

C:\Users\Admin\AppData\Local\Temp\6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe
"C:\Users\Admin\AppData\Local\Temp\6cea5a849414b9501e87721bc5c548658299e99a301bd34899c4c3482ece27c7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-18983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18983.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
11⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
12⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
13⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
14⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
15⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-18426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18426.exe
16⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
17⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
17⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
16⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
15⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
14⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
13⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
12⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
11⤵
- Program crash
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
10⤵
- Program crash
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
9⤵
- Program crash
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
8⤵
- Program crash
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
7⤵
- Program crash
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
6⤵
- Loads dropped DLL
- Program crash
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
10⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20213.exe
11⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
12⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
13⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
14⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
15⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
16⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
16⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
14⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
13⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
12⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
11⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
12⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
13⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
14⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
15⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
15⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
14⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
13⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
12⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
11⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-4431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4431.exe
10⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
11⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
12⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
13⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
14⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
15⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
15⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
14⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 236
13⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
12⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
11⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
10⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
9⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
11⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-37709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37709.exe
12⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
13⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
14⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
15⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 216
15⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
14⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
13⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
12⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
11⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
10⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
11⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
12⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
13⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
14⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 216
14⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
13⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
12⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
10⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 220
9⤵
- Program crash
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
9⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
11⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-3941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3941.exe
12⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
13⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
14⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
15⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 220
15⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
14⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
13⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
12⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
11⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 216
10⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
10⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
11⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
12⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
13⤵
PID:10772

C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
14⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 236
13⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
12⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
10⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
9⤵
- Program crash
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
8⤵
- Program crash
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
9⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
10⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
11⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
12⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-620.exe
13⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-19853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19853.exe
14⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
15⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11204 -s 216
15⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 236
14⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
13⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
12⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
11⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
10⤵
- Program crash
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
9⤵
- Program crash
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
8⤵
- Program crash
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
7⤵
- Program crash
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-35162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35162.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
9⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
10⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
11⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
12⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
13⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-42079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42079.exe
14⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
15⤵
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 216
15⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
14⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
13⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
12⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
11⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
10⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
11⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
12⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
13⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
14⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10960 -s 216
14⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
13⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
12⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
11⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
10⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
9⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
8⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
11⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-527.exe
12⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-19568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19568.exe
13⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
13⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
12⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
10⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 216
9⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
8⤵
- Program crash
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
8⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
11⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
12⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-32157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32157.exe
13⤵
PID:9564

C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
14⤵
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 216
14⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
13⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
12⤵
PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
11⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
10⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 236
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-56510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56510.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
10⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
11⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-23605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23605.exe
12⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
13⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
13⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 220
12⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
11⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
10⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
9⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
8⤵
- Program crash
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
7⤵
- Program crash
PID:2180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
6⤵
- Program crash
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-12179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12179.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
10⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
11⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
12⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
13⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
14⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 220
14⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
12⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
11⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
10⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 216
9⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
8⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
10⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
11⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
12⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
13⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-32723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32723.exe
14⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
13⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 236
12⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
11⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
9⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
8⤵
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15662.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
10⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
11⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-63459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63459.exe
12⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
13⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
13⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
12⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 236
11⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
10⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
9⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
9⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
10⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
11⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-37585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37585.exe
12⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
13⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
13⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
12⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
11⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
10⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
8⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
7⤵
- Program crash
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
10⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
11⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
12⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
13⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
14⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
14⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
13⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
12⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
11⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
8⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-33952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33952.exe
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
11⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
12⤵
PID:11080

C:\Users\Admin\AppData\Local\Temp\Unicorn-25930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25930.exe
13⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 216
13⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
12⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
11⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
10⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
9⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
8⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
7⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
9⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
9⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-17497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17497.exe
10⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
11⤵
PID:10436

C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
12⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10436 -s 216
12⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
11⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
10⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
9⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
8⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
7⤵
- Program crash
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
6⤵
- Program crash
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
5⤵
- Program crash
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:236

C:\Users\Admin\AppData\Local\Temp\Unicorn-65464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65464.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
9⤵
- Program crash
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
8⤵
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-402.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
11⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
12⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
13⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
14⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 236
13⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
12⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
11⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
10⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 236
9⤵
- Program crash
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 240
8⤵
- Program crash
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
7⤵
- Executes dropped EXE
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
8⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
10⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
11⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
12⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
13⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
14⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 216
14⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
12⤵
PID:2580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
11⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-45498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45498.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-48207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48207.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
11⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
12⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
13⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
13⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
11⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-20959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20959.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45327.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
10⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
11⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
12⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
13⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
13⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
12⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 236
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
10⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
9⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 220
8⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 220
7⤵
- Program crash
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-51546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
7⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
11⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
12⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
13⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 216
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
9⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
10⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
11⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-42894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42894.exe
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
12⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
11⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
8⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
7⤵
- Program crash
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
6⤵
- Program crash
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-51074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51074.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
8⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
10⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe
11⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
12⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
13⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
14⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 236
13⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
12⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
11⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
10⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
10⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
11⤵
PID:8336

C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
12⤵
PID:10616

C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
13⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 216
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
11⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
10⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-9603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9603.exe
11⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
12⤵
PID:10312

C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
13⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 236
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
8⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
7⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
11⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
12⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
13⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
13⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
12⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
11⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
10⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
9⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
8⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 220
7⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
7⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
9⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
10⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
11⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
12⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
13⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10828 -s 236
13⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
11⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
10⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
8⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-28062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28062.exe
9⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
10⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
11⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-55198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55198.exe
12⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
11⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
10⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
8⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
7⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
6⤵
- Program crash
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
5⤵
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 376
7⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9330.exe
9⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
10⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
11⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
12⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
13⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
14⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
14⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 236
13⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 236
12⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
11⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
10⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-1855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1855.exe
10⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
11⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
12⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
13⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
13⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
12⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 236
11⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
9⤵
- Program crash
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-34987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34987.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
10⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
11⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
12⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
13⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
13⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 220
12⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 236
11⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
10⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
9⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
8⤵
- Program crash
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
8⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
11⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
12⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
13⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 216
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
12⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
11⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 236
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
10⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-1767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1767.exe
11⤵
PID:9760

C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
11⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 236
10⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
9⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
8⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
7⤵
- Program crash
PID:1688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
6⤵
- Program crash
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44167.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1162.exe
9⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-34664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34664.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
11⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
12⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
13⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
12⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
11⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
10⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
8⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
11⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-33117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33117.exe
12⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
13⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 236
13⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
12⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
11⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
10⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
9⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
8⤵
- Program crash
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-24384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24384.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
10⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
11⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
12⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
13⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
13⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
12⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 236
11⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
10⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
9⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
10⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
11⤵
PID:10416

C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
12⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10416 -s 220
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
11⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
10⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
8⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
7⤵
- Program crash
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-28385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28385.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
11⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
12⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
13⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
13⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
12⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
11⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
10⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-39083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39083.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
10⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
11⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-4938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4938.exe
12⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
12⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
11⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
10⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
9⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 220
8⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
7⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
9⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
10⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
11⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
12⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 216
12⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
11⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
10⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
9⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
8⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
7⤵
- Program crash
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
6⤵
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
5⤵
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
8⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
10⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 200
11⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
10⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-60947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60947.exe
11⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-50823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50823.exe
12⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
13⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
13⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
12⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
11⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
10⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
11⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
12⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
13⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
13⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
12⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
11⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
8⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
7⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
10⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
11⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
12⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
13⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
13⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
12⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 236
11⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
10⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
8⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
10⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
11⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
12⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 216
12⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
11⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 236
10⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
8⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
7⤵
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
7⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-34201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34201.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
11⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
12⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-44020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44020.exe
13⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 216
13⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
12⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
11⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65114.exe
10⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
11⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
12⤵
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
12⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
11⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
10⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
9⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
7⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
10⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
11⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
12⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
11⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
10⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
9⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
7⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
6⤵
- Program crash
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-41431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41431.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
7⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17943.exe
11⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
12⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
13⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 216
13⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 236
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
10⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
9⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
9⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
10⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
11⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
12⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 216
12⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
11⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
10⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
9⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
7⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
10⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
11⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
12⤵
PID:2244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
11⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
10⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
9⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
8⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 240
7⤵
- Program crash
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
6⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
7⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
9⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
10⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
11⤵
PID:10644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
12⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10644 -s 216
12⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
11⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
10⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
9⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
8⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
7⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
8⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
9⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
10⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
11⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
11⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
10⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 236
9⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
8⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
7⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
6⤵
- Program crash
PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
5⤵
- Program crash
PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
4⤵
- Program crash
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
2⤵
- Program crash
PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1767.exe

Filesize
184KB

MD5
c7a7b05a0a31763487c7648bdf123715

SHA1
01fe3ba9b11ebbfff1ea3f711773e8c07da3787b

SHA256
ff0e4c9641d7ad991de75efe2e5fef4aadc52fb8e714165046fe4bcba2bfe7d3

SHA512
4c448089d609dab7b1bee551b4104f982db303f4a110bee2be8504920f7d6924364c15e49965fe33f56420315b2d71e7d0e733f6acaa7cd2b0766423d57e8a95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe

Filesize
184KB

MD5
710850c2e91ad790e86f9365f5f9354a

SHA1
3b8aca6b121e0ae0e4b74f6737c376aa345b541e

SHA256
436b7adeab900b6c452ba4f64cb9798614a984512450490f3575cddbebe82a1b

SHA512
e551210f51264cd1e6e4b90e82c4d7eb340950bf54fb344960f0ad1bb6aa400f0253b06465c72a48cd07c58c2b409c7cbc15db93635f70c0c5166feeaa84e00d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe

Filesize
184KB

MD5
fb5ce68562738d9fba9c649f61fc3b30

SHA1
b3c1251dd7b910e966500b0aa6231d9fd43f4cc3

SHA256
69455bb5c86e56e291900ed9543ad5ad3d64ac7a69c6f385163ade000fcad3a3

SHA512
ab8f511d594173891c53b4838cbeaab66287a94ee042bcc6c672481de43d870e80cbdf21dd706ed80025436dd562a102fe2703dfaebc035a649b832cc49996c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe

Filesize
184KB

MD5
f31da571212327e890a7689913052a4c

SHA1
b5a706c296a0274d3c3d4b5cc5ab8acb28531c02

SHA256
00508397bbc426ffe0eafaf60ff89d1deecd2a8275f31918d0defea989b6843f

SHA512
3355ca010f32dba4b05b0e22c84531453508b85d0415901a3be809879f057628a044e539a9913703309dded2f8f073177e8d72eadb72ba2f6ae97b8ba84d2ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe

Filesize
184KB

MD5
ed73acc4a4b8e37dd907b1d8f0ec3977

SHA1
cae9e4421425130753dd02a92985caf4e604732f

SHA256
72b0b48d9bb9d8ad95d8ae197ba92a5937342ef2c56b31dbabec7fa7d5ed6dd3

SHA512
dcf7734d263632c6461d16b1af7f8d29789b0cc96534cc511dd81830cd2d77a15cf8c9d33ad3a7e1d50dd5b0139017930a2431c2e23bb319cf426eff60841911

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe

Filesize
184KB

MD5
741230655cefccbbe37f3dea0f421229

SHA1
f035f2ab7f07bd619683ac6d957e1e79564261db

SHA256
b6689772ae089c4dfbe6babe5d3478f4b99142d1f1889c26a17f18a5ca848ad6

SHA512
7cb76e35e3c3ef162b4972152ca925ebdf952ee61a92ea429eda3f6525b224d6b649889d79acea4c94b46bc6fa40c1ab6c2b8544200d55372a05179d5f13342d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7612.exe

Filesize
184KB

MD5
fd6cef5538afa47fc0913d15e26268c4

SHA1
f92c01d3f1f40206a27d4dc727b198031d098d68

SHA256
7101f01f7f31c8f56042a53d72a0cddb27a19e5e7e2819e39792eb32e14a963c

SHA512
b11f31c3ddc1fe8ea9ddad03d5cca5886e73ddbb4cf62faf3c19d6af6359c41684d6f83aacdfbe9c38ec1cd15636c1e73ee5ccd1fb6a0d5e35fde23ba0f131bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe

Filesize
184KB

MD5
e2273f1a58655fb49edf31046b1a9576

SHA1
db5fb685ba5fdd4361e19aa43c5865f156a562db

SHA256
19e01b6945e722f9537de1dca77ff0b662ed6ef5e39f596191be2c7620468dcd

SHA512
87ef73500701d9d56eddcd584364e1acb151f4ca32ccbe9ec37a8b73d0163fc126a465d8f9cb4f4f195a2aa80dc552113c293b4be1726937d4274ffab3791844

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe

Filesize
184KB

MD5
24e97b722940f41204fc974e45bccef3

SHA1
5872d031edaa779197f49f1e56a569a263d87339

SHA256
0346a9e8b9de4330f1f703b49fb2e45bddff39fff6236b91d2d9b193d102a734

SHA512
98d4d533b88788e1a95defe3e9d296d0f4bb6432bec5f0fc39899949e9c9f14d20473945b1e90a37a998c0d0a81e872a2c54c06ab5585b44277bf5d6b09e2686

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29843.exe

Filesize
184KB

MD5
81ce9c3233a6975ef16eb008df1e667e

SHA1
646466e1f8bf13503b1ff02015f590a63ac13367

SHA256
026a860ee112d5995025b5e7bcd86ddfd18b0d9d8e8a2f7662e6cb5dc85ad48a

SHA512
dc1090689a2d4d0170aba4460c0605f052f901def8c287e6081cb4fba506cc4b2b5a6e4d0e4f88f8aa0f58048af348035669e2f9eebf4dc4992e50058c395ea0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe

Filesize
184KB

MD5
4141da7fb136911ca53bacf746e1377f

SHA1
b16f96aeb72ffa91b5f3721cf836f4d2cb8c686d

SHA256
35324dcf5b13537843a19369e9a1f4f37664f58fd878942e365f053d4ed12291

SHA512
e0f5107b968b6992e6a789fa84a6d2e4016182d01ccf831bc628387aee137e7da8b4c065115e05e4e507a960967fa1ed12d030a8f344bf544c05541f8da26dde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe

Filesize
184KB

MD5
f438437d518966a0c3e3e09289d8f8d6

SHA1
fa10814763c14a82d45c4364e7a3d10aa91b35f8

SHA256
b0660c9e4b08d10def399b961f5e03bf0177ca6ccb0618b56e8b910e07bb029e

SHA512
f326baf51adcbef062aa294da4f9a76cd8581e6b19d77d61ff8442b81c529bb5737ea2f5864e2a9f5af7a2f1735b431ea50f5a676528987592d2399a92f579e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe

Filesize
184KB

MD5
a4030cc9a121ca72ae29c96febcc3f6f

SHA1
b39a667dab27393865215bb3205f6569bc6b771d

SHA256
6412bc0ca563ea3cd8cc420b918308da94e2bbd238044e40e3a92a652f46c147

SHA512
7d0a02cfd2d955ac95efb4fe75ac68d7e136414d2697659043da924b82816655639b0e8d65f4996b189badfb10502c925714322331193b4337d317fab442a4e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe

Filesize
184KB

MD5
cb8fbbf01649be767dd1e7c2a0004539

SHA1
488a635b420ea7ec51006df15cdf37caf9bd026a

SHA256
a66a2d6700a9eec47adf6ebe389c80eac34bb407f2b95a3edce76c5204273c87

SHA512
ac9a496198d628903b01ecef8657fe8042523f80de71d75655793a67d14b5e76177dadc45212cc0621248fa18d680d371c396814c7995c9f9ae22b7bc502dd82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe

Filesize
184KB

MD5
3d0c7fb97097070ccff3fd0dcf03dab5

SHA1
e2d1fb696a33048081a0ab39cd996eefe6e57845

SHA256
16e1dc2e9a35a785b4497d157c7621ae68c1cb621f51cf01fdcfdb5ac0640397

SHA512
079573030a86af4d7e8f68a8588e18694109fb01efb99ec1404a60025c1b1a362e1c3120b97e5b67baceac459565a2ce5fa634d09cd52db695e22389d526d2b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe

Filesize
184KB

MD5
db6e09b44d6ca24112a04f4a3be92557

SHA1
96c2d79a2e67f1d3ac0f967d058a596c0dac9e0d

SHA256
9727952da26044f2c6c1ac2fd0441f91f50c172ff422e7955cc17b7f2c679352

SHA512
00dcb772407de4b942fc6a88031ebe46b1e5e82ba665353cae8939e2e8018dd17c11fe4adefe0a29297e7cf770b180a6eb511c1b7b80ae075ff2f1ba25300154

Download Submit