955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe
Size

184KB
MD5

e0e2678fada8d425b9619a423696f99c
SHA1

9e39d9213871e2d6076513a6007bd88ff50bcae4
SHA256

955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc
SHA512

66bd06954143caa93732895948b0837518b2a981e8ecf05c8e18c71a8cb6cf737e6a535dc5ec4b908c3054cfe2f0966457877638d556ef3cf567d7a8563187eb
SSDEEP

1536:+iZY6jZ5u3L8oRx1ZehAFdwMFM94vZc86mddjOLR2VQetkhl5hj5ZizpaC:RZe3L8o3fehYdFase8OLRtskhlnLiFN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-30957.exeUnicorn-4774.exeUnicorn-24640.exeUnicorn-24348.exeUnicorn-36491.exeUnicorn-16625.exeUnicorn-42500.exeUnicorn-27748.exeUnicorn-13798.exeUnicorn-14374.exeUnicorn-59470.exeUnicorn-57917.exeUnicorn-13122.exeUnicorn-26252.exeUnicorn-45089.exeUnicorn-9998.exeUnicorn-6386.exeUnicorn-28835.exeUnicorn-48701.exeUnicorn-46556.exeUnicorn-43904.exeUnicorn-56665.exeUnicorn-47023.exeUnicorn-59161.exeUnicorn-51631.exeUnicorn-40578.exeUnicorn-33841.exeUnicorn-53707.exeUnicorn-38466.exeUnicorn-20677.exeUnicorn-51211.exeUnicorn-50095.exeUnicorn-18148.exeUnicorn-18148.exeUnicorn-29304.exeUnicorn-47058.exeUnicorn-55179.exeUnicorn-8931.exeUnicorn-32917.exeUnicorn-58251.exeUnicorn-50535.exeUnicorn-16964.exeUnicorn-64816.exeUnicorn-31245.exeUnicorn-64816.exeUnicorn-42014.exeUnicorn-42014.exeUnicorn-51059.exeUnicorn-3887.exeUnicorn-5319.exeUnicorn-49559.exeUnicorn-49559.exeUnicorn-20631.exeUnicorn-40497.exeUnicorn-38385.exeUnicorn-49054.exeUnicorn-56174.exeUnicorn-48042.exeUnicorn-43569.exeUnicorn-43569.exeUnicorn-42033.exeUnicorn-11903.exeUnicorn-26656.exeUnicorn-57575.exe

pid	process
2976	Unicorn-30957.exe
3004	Unicorn-4774.exe
2624	Unicorn-24640.exe
2584	Unicorn-24348.exe
2384	Unicorn-36491.exe
2468	Unicorn-16625.exe
2556	Unicorn-42500.exe
2696	Unicorn-27748.exe
2008	Unicorn-13798.exe
2020	Unicorn-14374.exe
1624	Unicorn-59470.exe
1064	Unicorn-57917.exe
1120	Unicorn-13122.exe
760	Unicorn-26252.exe
316	Unicorn-45089.exe
1564	Unicorn-9998.exe
1936	Unicorn-6386.exe
2248	Unicorn-28835.exe
2252	Unicorn-48701.exe
2352	Unicorn-46556.exe
1924	Unicorn-43904.exe
2876	Unicorn-56665.exe
1868	Unicorn-47023.exe
3024	Unicorn-59161.exe
1504	Unicorn-51631.exe
1260	Unicorn-40578.exe
2428	Unicorn-33841.exe
1704	Unicorn-53707.exe
1744	Unicorn-38466.exe
692	Unicorn-20677.exe
1548	Unicorn-51211.exe
2916	Unicorn-50095.exe
848	Unicorn-18148.exe
2664	Unicorn-18148.exe
2668	Unicorn-29304.exe
2640	Unicorn-47058.exe
2480	Unicorn-55179.exe
280	Unicorn-8931.exe
1288	Unicorn-32917.exe
2812	Unicorn-58251.exe
2840	Unicorn-50535.exe
2196	Unicorn-16964.exe
1636	Unicorn-64816.exe
1440	Unicorn-31245.exe
1236	Unicorn-64816.exe
2012	Unicorn-42014.exe
2368	Unicorn-42014.exe
2188	Unicorn-51059.exe
920	Unicorn-3887.exe
952	Unicorn-5319.exe
1336	Unicorn-49559.exe
768	Unicorn-49559.exe
2776	Unicorn-20631.exe
2120	Unicorn-40497.exe
616	Unicorn-38385.exe
1780	Unicorn-49054.exe
1568	Unicorn-56174.exe
2412	Unicorn-48042.exe
1500	Unicorn-43569.exe
2084	Unicorn-43569.exe
1368	Unicorn-42033.exe
1712	Unicorn-11903.exe
2964	Unicorn-26656.exe
1580	Unicorn-57575.exe

Loads dropped DLL 64 IoCs

Processes:

955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exeUnicorn-30957.exeUnicorn-4774.exeUnicorn-24640.exeWerFault.exeUnicorn-24348.exeUnicorn-36491.exeUnicorn-16625.exeWerFault.exeWerFault.exeUnicorn-42500.exeUnicorn-13798.exeUnicorn-14374.exeUnicorn-59470.exeUnicorn-27748.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe
2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe
2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe
2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe
2976	Unicorn-30957.exe
2976	Unicorn-30957.exe
3004	Unicorn-4774.exe
3004	Unicorn-4774.exe
2624	Unicorn-24640.exe
2624	Unicorn-24640.exe
2976	Unicorn-30957.exe
2976	Unicorn-30957.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2584	Unicorn-24348.exe
3004	Unicorn-4774.exe
2584	Unicorn-24348.exe
3004	Unicorn-4774.exe
2384	Unicorn-36491.exe
2384	Unicorn-36491.exe
2468	Unicorn-16625.exe
2624	Unicorn-24640.exe
2624	Unicorn-24640.exe
2468	Unicorn-16625.exe
1040	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe
1040	WerFault.exe
792	WerFault.exe
792	WerFault.exe
792	WerFault.exe
792	WerFault.exe
792	WerFault.exe
2556	Unicorn-42500.exe
2556	Unicorn-42500.exe
2008	Unicorn-13798.exe
2008	Unicorn-13798.exe
2384	Unicorn-36491.exe
2020	Unicorn-14374.exe
2384	Unicorn-36491.exe
2020	Unicorn-14374.exe
1624	Unicorn-59470.exe
1624	Unicorn-59470.exe
2468	Unicorn-16625.exe
2468	Unicorn-16625.exe
2584	Unicorn-24348.exe
2696	Unicorn-27748.exe
2584	Unicorn-24348.exe
2696	Unicorn-27748.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
2364	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
2356	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2600	2904	WerFault.exe	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe
2244	2976	WerFault.exe	Unicorn-30957.exe
1040	3004	WerFault.exe	Unicorn-4774.exe
792	2624	WerFault.exe	Unicorn-24640.exe
2364	2584	WerFault.exe	Unicorn-24348.exe
1104	2384	WerFault.exe	Unicorn-36491.exe
2356	2468	WerFault.exe	Unicorn-16625.exe
1972	2556	WerFault.exe	Unicorn-42500.exe
2608	2008	WerFault.exe	Unicorn-13798.exe
2728	2020	WerFault.exe	Unicorn-14374.exe
2736	2696	WerFault.exe	Unicorn-27748.exe
2220	1064	WerFault.exe	Unicorn-57917.exe
2440	1120	WerFault.exe	Unicorn-13122.exe
1992	760	WerFault.exe	Unicorn-26252.exe
1392	1564	WerFault.exe	Unicorn-9998.exe
2880	316	WerFault.exe	Unicorn-45089.exe
1988	2248	WerFault.exe	Unicorn-28835.exe
964	1936	WerFault.exe	Unicorn-6386.exe
2888	2252	WerFault.exe	Unicorn-48701.exe
852	2352	WerFault.exe	Unicorn-46556.exe
888	1924	WerFault.exe	Unicorn-43904.exe
2648	2876	WerFault.exe	Unicorn-56665.exe
3008	1868	WerFault.exe	Unicorn-47023.exe
2644	3024	WerFault.exe	Unicorn-59161.exe
320	1260	WerFault.exe	Unicorn-40578.exe
2112	1744	WerFault.exe	Unicorn-38466.exe
1316	1504	WerFault.exe	Unicorn-51631.exe
2124	2916	WerFault.exe	Unicorn-50095.exe
1856	692	WerFault.exe	Unicorn-20677.exe
1820	1704	WerFault.exe	Unicorn-53707.exe
1996	1548	WerFault.exe	Unicorn-51211.exe
2824	536	WerFault.exe	Unicorn-139.exe
2936	1624	WerFault.exe	Unicorn-59470.exe
3400	2664	WerFault.exe	Unicorn-18148.exe
3428	2668	WerFault.exe	Unicorn-29304.exe
3584	2640	WerFault.exe	Unicorn-47058.exe
3576	2480	WerFault.exe	Unicorn-55179.exe
3824	2012	WerFault.exe	Unicorn-42014.exe
3892	768	WerFault.exe	Unicorn-49559.exe
3988	1236	WerFault.exe	Unicorn-64816.exe
3976	2368	WerFault.exe	Unicorn-42014.exe
4016	1636	WerFault.exe	Unicorn-64816.exe
4028	848	WerFault.exe	Unicorn-18148.exe
3560	920	WerFault.exe	Unicorn-3887.exe
3960	2188	WerFault.exe	Unicorn-51059.exe
4004	1568	WerFault.exe	Unicorn-56174.exe
1476	616	WerFault.exe	Unicorn-38385.exe
3540	1500	WerFault.exe	Unicorn-43569.exe
3652	2656	WerFault.exe	Unicorn-54031.exe
3732	2760	WerFault.exe	Unicorn-8867.exe
3788	2412	WerFault.exe	Unicorn-48042.exe
3796	2076	WerFault.exe	Unicorn-12479.exe
3816	1712	WerFault.exe	Unicorn-11903.exe
4044	2764	WerFault.exe	Unicorn-31805.exe
3868	2084	WerFault.exe	Unicorn-43569.exe
3844	2172	WerFault.exe	Unicorn-17929.exe
3524	3012	WerFault.exe	Unicorn-57820.exe
3876	1792	WerFault.exe	Unicorn-41986.exe
3756	2964	WerFault.exe	Unicorn-26656.exe
3504	2812	WerFault.exe	Unicorn-58251.exe
3692	2052	WerFault.exe	Unicorn-33887.exe
3656	568	WerFault.exe	Unicorn-21142.exe
4100	952	WerFault.exe	Unicorn-5319.exe
4108	2776	WerFault.exe	Unicorn-20631.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exeUnicorn-30957.exeUnicorn-4774.exeUnicorn-24640.exeUnicorn-24348.exeUnicorn-36491.exeUnicorn-16625.exeUnicorn-42500.exeUnicorn-27748.exeUnicorn-13798.exeUnicorn-59470.exeUnicorn-14374.exeUnicorn-57917.exeUnicorn-13122.exeUnicorn-26252.exeUnicorn-9998.exeUnicorn-45089.exeUnicorn-28835.exeUnicorn-48701.exeUnicorn-6386.exeUnicorn-46556.exeUnicorn-43904.exeUnicorn-56665.exeUnicorn-47023.exeUnicorn-59161.exeUnicorn-51631.exeUnicorn-33841.exeUnicorn-40578.exeUnicorn-38466.exeUnicorn-53707.exeUnicorn-20677.exeUnicorn-51211.exeUnicorn-50095.exeUnicorn-18148.exeUnicorn-18148.exeUnicorn-29304.exeUnicorn-55179.exeUnicorn-47058.exeUnicorn-8931.exeUnicorn-32917.exeUnicorn-58251.exeUnicorn-50535.exeUnicorn-16964.exeUnicorn-42014.exeUnicorn-64816.exeUnicorn-49559.exeUnicorn-5319.exeUnicorn-3887.exeUnicorn-64816.exeUnicorn-49559.exeUnicorn-31245.exeUnicorn-42014.exeUnicorn-51059.exeUnicorn-20631.exeUnicorn-38385.exeUnicorn-49054.exeUnicorn-40497.exeUnicorn-56174.exeUnicorn-43569.exeUnicorn-48042.exeUnicorn-43569.exeUnicorn-57575.exeUnicorn-26656.exeUnicorn-42033.exe

pid	process
2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe
2976	Unicorn-30957.exe
3004	Unicorn-4774.exe
2624	Unicorn-24640.exe
2584	Unicorn-24348.exe
2384	Unicorn-36491.exe
2468	Unicorn-16625.exe
2556	Unicorn-42500.exe
2696	Unicorn-27748.exe
2008	Unicorn-13798.exe
1624	Unicorn-59470.exe
2020	Unicorn-14374.exe
1064	Unicorn-57917.exe
1120	Unicorn-13122.exe
760	Unicorn-26252.exe
1564	Unicorn-9998.exe
316	Unicorn-45089.exe
2248	Unicorn-28835.exe
2252	Unicorn-48701.exe
1936	Unicorn-6386.exe
2352	Unicorn-46556.exe
1924	Unicorn-43904.exe
2876	Unicorn-56665.exe
1868	Unicorn-47023.exe
3024	Unicorn-59161.exe
1504	Unicorn-51631.exe
2428	Unicorn-33841.exe
1260	Unicorn-40578.exe
1744	Unicorn-38466.exe
1704	Unicorn-53707.exe
692	Unicorn-20677.exe
1548	Unicorn-51211.exe
2916	Unicorn-50095.exe
848	Unicorn-18148.exe
2664	Unicorn-18148.exe
2668	Unicorn-29304.exe
2480	Unicorn-55179.exe
2640	Unicorn-47058.exe
280	Unicorn-8931.exe
1288	Unicorn-32917.exe
2812	Unicorn-58251.exe
2840	Unicorn-50535.exe
2196	Unicorn-16964.exe
2012	Unicorn-42014.exe
1636	Unicorn-64816.exe
1336	Unicorn-49559.exe
952	Unicorn-5319.exe
920	Unicorn-3887.exe
1236	Unicorn-64816.exe
768	Unicorn-49559.exe
1440	Unicorn-31245.exe
2368	Unicorn-42014.exe
2188	Unicorn-51059.exe
2776	Unicorn-20631.exe
616	Unicorn-38385.exe
1780	Unicorn-49054.exe
2120	Unicorn-40497.exe
1568	Unicorn-56174.exe
2084	Unicorn-43569.exe
2412	Unicorn-48042.exe
1500	Unicorn-43569.exe
1580	Unicorn-57575.exe
2964	Unicorn-26656.exe
1368	Unicorn-42033.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exeUnicorn-30957.exeUnicorn-4774.exeUnicorn-24640.exeUnicorn-24348.exeUnicorn-36491.exeUnicorn-16625.exeUnicorn-42500.exe

description	pid	process	target process
PID 2904 wrote to memory of 2976	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	Unicorn-30957.exe
PID 2904 wrote to memory of 2976	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	Unicorn-30957.exe
PID 2904 wrote to memory of 2976	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	Unicorn-30957.exe
PID 2904 wrote to memory of 2976	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	Unicorn-30957.exe
PID 2904 wrote to memory of 3004	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	Unicorn-4774.exe
PID 2904 wrote to memory of 3004	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	Unicorn-4774.exe
PID 2904 wrote to memory of 3004	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	Unicorn-4774.exe
PID 2904 wrote to memory of 3004	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	Unicorn-4774.exe
PID 2976 wrote to memory of 2624	2976	Unicorn-30957.exe	Unicorn-24640.exe
PID 2976 wrote to memory of 2624	2976	Unicorn-30957.exe	Unicorn-24640.exe
PID 2976 wrote to memory of 2624	2976	Unicorn-30957.exe	Unicorn-24640.exe
PID 2976 wrote to memory of 2624	2976	Unicorn-30957.exe	Unicorn-24640.exe
PID 2904 wrote to memory of 2600	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	WerFault.exe
PID 2904 wrote to memory of 2600	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	WerFault.exe
PID 2904 wrote to memory of 2600	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	WerFault.exe
PID 2904 wrote to memory of 2600	2904	955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe	WerFault.exe
PID 3004 wrote to memory of 2584	3004	Unicorn-4774.exe	Unicorn-24348.exe
PID 3004 wrote to memory of 2584	3004	Unicorn-4774.exe	Unicorn-24348.exe
PID 3004 wrote to memory of 2584	3004	Unicorn-4774.exe	Unicorn-24348.exe
PID 3004 wrote to memory of 2584	3004	Unicorn-4774.exe	Unicorn-24348.exe
PID 2624 wrote to memory of 2384	2624	Unicorn-24640.exe	Unicorn-36491.exe
PID 2624 wrote to memory of 2384	2624	Unicorn-24640.exe	Unicorn-36491.exe
PID 2624 wrote to memory of 2384	2624	Unicorn-24640.exe	Unicorn-36491.exe
PID 2624 wrote to memory of 2384	2624	Unicorn-24640.exe	Unicorn-36491.exe
PID 2976 wrote to memory of 2468	2976	Unicorn-30957.exe	Unicorn-16625.exe
PID 2976 wrote to memory of 2468	2976	Unicorn-30957.exe	Unicorn-16625.exe
PID 2976 wrote to memory of 2468	2976	Unicorn-30957.exe	Unicorn-16625.exe
PID 2976 wrote to memory of 2468	2976	Unicorn-30957.exe	Unicorn-16625.exe
PID 2976 wrote to memory of 2244	2976	Unicorn-30957.exe	WerFault.exe
PID 2976 wrote to memory of 2244	2976	Unicorn-30957.exe	WerFault.exe
PID 2976 wrote to memory of 2244	2976	Unicorn-30957.exe	WerFault.exe
PID 2976 wrote to memory of 2244	2976	Unicorn-30957.exe	WerFault.exe
PID 2584 wrote to memory of 2696	2584	Unicorn-24348.exe	Unicorn-27748.exe
PID 2584 wrote to memory of 2696	2584	Unicorn-24348.exe	Unicorn-27748.exe
PID 2584 wrote to memory of 2696	2584	Unicorn-24348.exe	Unicorn-27748.exe
PID 2584 wrote to memory of 2696	2584	Unicorn-24348.exe	Unicorn-27748.exe
PID 3004 wrote to memory of 2556	3004	Unicorn-4774.exe	Unicorn-42500.exe
PID 3004 wrote to memory of 2556	3004	Unicorn-4774.exe	Unicorn-42500.exe
PID 3004 wrote to memory of 2556	3004	Unicorn-4774.exe	Unicorn-42500.exe
PID 3004 wrote to memory of 2556	3004	Unicorn-4774.exe	Unicorn-42500.exe
PID 2384 wrote to memory of 2020	2384	Unicorn-36491.exe	Unicorn-14374.exe
PID 2384 wrote to memory of 2020	2384	Unicorn-36491.exe	Unicorn-14374.exe
PID 2384 wrote to memory of 2020	2384	Unicorn-36491.exe	Unicorn-14374.exe
PID 2384 wrote to memory of 2020	2384	Unicorn-36491.exe	Unicorn-14374.exe
PID 2624 wrote to memory of 1624	2624	Unicorn-24640.exe	Unicorn-59470.exe
PID 2624 wrote to memory of 1624	2624	Unicorn-24640.exe	Unicorn-59470.exe
PID 2624 wrote to memory of 1624	2624	Unicorn-24640.exe	Unicorn-59470.exe
PID 2624 wrote to memory of 1624	2624	Unicorn-24640.exe	Unicorn-59470.exe
PID 2468 wrote to memory of 2008	2468	Unicorn-16625.exe	Unicorn-13798.exe
PID 2468 wrote to memory of 2008	2468	Unicorn-16625.exe	Unicorn-13798.exe
PID 2468 wrote to memory of 2008	2468	Unicorn-16625.exe	Unicorn-13798.exe
PID 2468 wrote to memory of 2008	2468	Unicorn-16625.exe	Unicorn-13798.exe
PID 3004 wrote to memory of 1040	3004	Unicorn-4774.exe	WerFault.exe
PID 3004 wrote to memory of 1040	3004	Unicorn-4774.exe	WerFault.exe
PID 3004 wrote to memory of 1040	3004	Unicorn-4774.exe	WerFault.exe
PID 3004 wrote to memory of 1040	3004	Unicorn-4774.exe	WerFault.exe
PID 2624 wrote to memory of 792	2624	Unicorn-24640.exe	WerFault.exe
PID 2624 wrote to memory of 792	2624	Unicorn-24640.exe	WerFault.exe
PID 2624 wrote to memory of 792	2624	Unicorn-24640.exe	WerFault.exe
PID 2624 wrote to memory of 792	2624	Unicorn-24640.exe	WerFault.exe
PID 2556 wrote to memory of 1064	2556	Unicorn-42500.exe	Unicorn-57917.exe
PID 2556 wrote to memory of 1064	2556	Unicorn-42500.exe	Unicorn-57917.exe
PID 2556 wrote to memory of 1064	2556	Unicorn-42500.exe	Unicorn-57917.exe
PID 2556 wrote to memory of 1064	2556	Unicorn-42500.exe	Unicorn-57917.exe

C:\Users\Admin\AppData\Local\Temp\955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe
"C:\Users\Admin\AppData\Local\Temp\955a0c2f007b6a467412255ec7fcef4ff045d9a8559e4c702e44571792eaa0dc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-32917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32917.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
9⤵
- Executes dropped EXE
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
10⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
11⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
12⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
13⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
14⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 236
14⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
13⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
12⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
10⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
9⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
10⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
11⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
12⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 236
11⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
10⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
9⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
10⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-61317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61317.exe
11⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
12⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
12⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
11⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
10⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
9⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
8⤵
- Program crash
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
8⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
11⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
12⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
13⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
13⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
12⤵
PID:11144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
11⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
10⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
9⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-32000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32000.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
9⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
10⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-7807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7807.exe
11⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
12⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
12⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
11⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
10⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
9⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
8⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
7⤵
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-51631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51631.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
8⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
9⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-49822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49822.exe
10⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exe
11⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
12⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
13⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-27844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27844.exe
14⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
14⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
13⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
12⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
11⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
10⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
11⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 220
12⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
11⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 220
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
8⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
10⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
11⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
12⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
12⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
11⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
9⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
8⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
7⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
8⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
10⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
11⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
10⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 216
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
8⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
7⤵
- Program crash
PID:1316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
6⤵
- Program crash
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
8⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
9⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
10⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
11⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
12⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
13⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 236
13⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
12⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
11⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
10⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
9⤵
- Program crash
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
8⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
10⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
11⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
12⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 236
12⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
10⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
9⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
8⤵
- Program crash
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
7⤵
- Program crash
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
7⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
8⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
10⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
11⤵
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
11⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
10⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 216
9⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
8⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
7⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
8⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
9⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
10⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
10⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
9⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 216
8⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
7⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
6⤵
- Program crash
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
8⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
9⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
11⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
12⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
11⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 216
10⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
8⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
9⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
10⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
11⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
10⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 216
9⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
8⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
7⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
8⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 224
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
9⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
8⤵
- Program crash
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
7⤵
- Program crash
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
7⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
8⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
9⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
10⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-12803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12803.exe
11⤵
PID:11300

C:\Users\Admin\AppData\Local\Temp\Unicorn-15134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15134.exe
12⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11300 -s 216
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
11⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 236
10⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
8⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
7⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
8⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-32221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32221.exe
9⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-5276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5276.exe
10⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
11⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
11⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
10⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 236
9⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 216
8⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 220
7⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
6⤵
- Program crash
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-33841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33841.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
5⤵
- Program crash
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
9⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
10⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-27842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27842.exe
11⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
12⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
13⤵
PID:9256

C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
14⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 216
14⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
13⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
12⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
11⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
10⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
9⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
10⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
11⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
12⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
13⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
12⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 236
11⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
10⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 220
9⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe
8⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-13116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13116.exe
10⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
11⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-13318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13318.exe
12⤵
PID:10100

C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
13⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
13⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
12⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
11⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 216
9⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
8⤵
- Program crash
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-50869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50869.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
10⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
11⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 220
12⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
11⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
10⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
11⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 240
12⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 236
11⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 220
9⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
8⤵
- Program crash
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
7⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
8⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-49677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49677.exe
11⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
12⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4696.exe
13⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 236
13⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 236
12⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
11⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
10⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
9⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
10⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-22749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22749.exe
11⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
12⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 236
12⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
11⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
9⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
8⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
7⤵
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
10⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
11⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 200
12⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-39325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39325.exe
10⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
11⤵
PID:9280

C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
12⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 236
12⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
11⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 220
9⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
10⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
11⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 236
11⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
10⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
8⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
7⤵
- Program crash
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
6⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:280

C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
9⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
11⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
12⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
13⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
12⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
11⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
10⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-24760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24760.exe
10⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
11⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
12⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
11⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
10⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 240
9⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
10⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-28865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28865.exe
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
11⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
10⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
7⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-41394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41394.exe
8⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
9⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
10⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
11⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
11⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
10⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
9⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
8⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 240
7⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
7⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-45162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45162.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
9⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
10⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
11⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
12⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 216
12⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
11⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
10⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
9⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
8⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
7⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
8⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
10⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
11⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
11⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
10⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 236
9⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 220
7⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
6⤵
- Program crash
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
5⤵
- Program crash
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-10604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10604.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-15306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15306.exe
11⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 200
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
11⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
9⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
8⤵
- Program crash
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
7⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
6⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
7⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
8⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
9⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
10⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
11⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
11⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
10⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
9⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
8⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
7⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 220
6⤵
- Program crash
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
6⤵
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 244
7⤵
- Program crash
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
6⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-13566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13566.exe
7⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
8⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
9⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
10⤵
PID:9660

C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
11⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 216
11⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 236
10⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
9⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
7⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
6⤵
- Program crash
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
5⤵
- Program crash
PID:964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-51211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51211.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
8⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
9⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
10⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
11⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
12⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
13⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
13⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
12⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
11⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
8⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
9⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
11⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
12⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
12⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
11⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
10⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
9⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
8⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
7⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-5410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5410.exe
8⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
9⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
10⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
11⤵
PID:11668

C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
12⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
11⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
10⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
8⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
7⤵
- Program crash
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
7⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-22493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22493.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
11⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
12⤵
PID:11580

C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
13⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11580 -s 216
13⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
12⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
8⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-23234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23234.exe
9⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
10⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-13414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13414.exe
11⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
12⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
13⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 216
13⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
12⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
9⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
8⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
7⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
8⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
9⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
10⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
11⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 236
10⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
9⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
8⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
7⤵
- Program crash
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
6⤵
- Program crash
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
7⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
10⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
11⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
11⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 236
10⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
9⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
8⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 216
7⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
6⤵
- Program crash
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
5⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
7⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
8⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-46671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46671.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
10⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
11⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
12⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
12⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
11⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
10⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 216
8⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
7⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
6⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
7⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29052.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
10⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-34044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34044.exe
11⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
12⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
12⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
11⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
10⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
9⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
8⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
7⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
8⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
9⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
10⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
11⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 216
11⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
10⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
9⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
8⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
7⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 220
6⤵
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
6⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-61134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61134.exe
7⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
8⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
9⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
10⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
11⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 236
11⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
10⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
9⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
8⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
7⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3142.exe
6⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
7⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
8⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
9⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
10⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
10⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
9⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
8⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
7⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
6⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
5⤵
- Program crash
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-42500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42500.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
8⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
11⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
12⤵
PID:9316

C:\Users\Admin\AppData\Local\Temp\Unicorn-61087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61087.exe
13⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
11⤵
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
10⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
11⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
12⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
13⤵
PID:12024

C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
14⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12024 -s 236
14⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
13⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
12⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 236
11⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
10⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-55453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55453.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
10⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
11⤵
PID:9252

C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 216
12⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
11⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
10⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 240
9⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
8⤵
- Program crash
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
7⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
10⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
11⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
12⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
11⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
10⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
8⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
7⤵
- Program crash
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
7⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
9⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
10⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
11⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
12⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
12⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
11⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
10⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
10⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
11⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
11⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
10⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
8⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-27844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27844.exe
7⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
8⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
9⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
10⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
10⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
9⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
8⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
7⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
6⤵
- Program crash
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
7⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
8⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
10⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-40519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40519.exe
11⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
9⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
8⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
7⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
9⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
10⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
11⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-11905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11905.exe
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
12⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
11⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
10⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
9⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
8⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
7⤵
- Program crash
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
6⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
7⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
8⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 244
10⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
9⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
8⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
7⤵
- Program crash
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
6⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
5⤵
- Program crash
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
7⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
8⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
9⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
10⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
11⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10268 -s 216
11⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
10⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
9⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 216
8⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
7⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
6⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
7⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
8⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
9⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
10⤵
PID:11420

C:\Users\Admin\AppData\Local\Temp\Unicorn-9508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9508.exe
11⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11420 -s 216
11⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
10⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 236
9⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
8⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
7⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
6⤵
- Program crash
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
6⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
7⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
9⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
10⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
11⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
12⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 216
12⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
11⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
10⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
8⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
7⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
9⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 372
10⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
9⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
8⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
7⤵
- Program crash
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
6⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
7⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
8⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
9⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
10⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
10⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 236
9⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
8⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
7⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
6⤵
- Program crash
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
5⤵
- Program crash
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
4⤵
- Program crash
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
2⤵
- Program crash
PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe

Filesize
184KB

MD5
9bd56fea8e7952d16f15a7b9a17ddff2

SHA1
5f46f1b1117e0869ec7ea56a534f45375599e06f

SHA256
0b7543c6c4557442e9183e8b894e7c49320e5f2bb34ba30815c5e5356a299193

SHA512
e582b28736e9dd89978e3079ee5dc3b04acd81c78cb43b8a88e1d1682695c92c5423501deb4ba354b98fdecce2e6d0d1b323de8b364362271d39e09d2728f648

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe

Filesize
184KB

MD5
fbc8e0f19619e863f1c342f02285c377

SHA1
74700d400908088888ce19bb17f813ac7c5e0f5e

SHA256
77ededd4f3040bb28a2242ce1099e5f12c17b7398c38f342d7cd62976c82a749

SHA512
67ab0673491e95cf28d2a13fafb5741ce4a67339debb04e1d662d3456fb081553dac34b7070e5adf40e603deadfabf0566353e3cfa94818265bb023d34e2c325

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe

Filesize
184KB

MD5
1f973b8b6764dc62b6207a8fee691122

SHA1
42027dd1c76e5dcf2a7b11b5959e3c3d2aac3bde

SHA256
82c19262b860cf67e85d1d02822124463074a42f6661347f2f92e6d191144969

SHA512
7b60481e368588ade680f9c4b512d39e0a5781eca4d1b8a7363af211aa6def99d02e36173ce6f0529c92e723bfef16c1356b74949e607ee6aae2dfa940b1651d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe

Filesize
184KB

MD5
056d1c656ddab1e7d4d8ba1f21bf8142

SHA1
8ec3f5a390878d23ed689de664bce4d82b413e20

SHA256
f8aee1a0486ae364d722196749ea1ae44b14a4420739db3e5699459551cc49e6

SHA512
093c1fe38ae0f843771df54b327c0c09ac634ff884cccf08da61c1c98c8001df8e8c0928484de9c583e96b3e9e4fbc321c85a6c244f7846204539334fff86108

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe

Filesize
184KB

MD5
42932c7a8b79e4c7adb30d53a607b92b

SHA1
0e6652b6ba281808357a9f10da11017c1efa3408

SHA256
97e170f91c9f02a61a8e3fd43b9837ca272b60030869ff0b081227bdca65adf2

SHA512
3b67cfc205ea18f36478a1fae0c0253b740d47d5c05065b3da32407b8e023192c176fffc6947af7e95fbcfd2e7513da8dca03212752a78473157fd2ff2b0c29e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe

Filesize
184KB

MD5
0de213eae0bf9cace3deea3117c17fce

SHA1
7ec53a3cdd741b03b230054f2dc1038557052e97

SHA256
a05649d842e2abde4a5493e6b332c5b8507a121cb25e47d5724d6deada55e91c

SHA512
66b3d9522cf6e58dcb41592886bceca8bbb945dfcef4337f827b5d1488681b1a94abaedc3a311610914e43d6498a39957a0f5a021c3b2337453327cc95f05243

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe

Filesize
184KB

MD5
6d292606a7121a6ddecd47cbaf6c7ef6

SHA1
a1a05755c1a16b9e900661c0afb9420330a39757

SHA256
d1f8653fcce73197afdc44eee2754a8a2ba62670618396e4fc16a663b7987dff

SHA512
c02ab6591caf8c8a3693de0e2875e86c2eceb603112b8d3abf1500c4b5fd678b9cd8fce7f31d4deec45ebc7a154cd1f6ab7b39b42ca452e1284ac97443f3390a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe

Filesize
184KB

MD5
7d4212c9ea7728975c8bc64f69b670ad

SHA1
abae0edf2109304a86713c3da9dac53e8bfa46d5

SHA256
8385abcd3e2175ed6e051689775a3e77c49f6041e3b05f94eec96cd4036559c1

SHA512
d878e1c40e6f11dfcbc399e541e7ca9a0c45ae03150309df06d06f07dcb5d39e50cd1d8ac27f38777c095a7dd38c7cb1a15425b37a9b75e286843e3f557513c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe

Filesize
184KB

MD5
d9b898b5036c5efc4ba758fc2e2785e5

SHA1
261eb1396c3f561b3015907e9d5524d5f5c99302

SHA256
137af79648f284640004f7ed6b85babffe439375f225337f35234b0dae730adb

SHA512
b67cc6045fabb6cd2fef3f38f2e86e47b7082eb681894ddde90f5074a472b954afd8e2efeeff5d7102805773dc280aee247d54e94793790665d610c4d198c0b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe

Filesize
184KB

MD5
0217f85babab15efec39f91846ffa832

SHA1
e14d14c6ba464c59f58642303613b62a46c235fd

SHA256
f0abf1b17c8b5f669338c174d83ddf5ad5680a2bb9bf7aaf2d18ee57d0b50fce

SHA512
f38bdb5b97a9d01f9e0275f8c27ef6203bfadd48f15889d93a9528726e6e9f5f49984f936de6ab0d11e7b661f51a1f33301d8424928ce424fd568decdb6b2f19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe

Filesize
184KB

MD5
7dabe2535fec45de1c5ccc1efeee4033

SHA1
0baa4602edd8f73e4bb1b16230b300120c2fba1b

SHA256
ecb1b49bdbd708f6a1c9a656c0441a0b298f8690491aec96f7a3cc88d3eccbff

SHA512
642209d4caa7f51cce9b3343229ac99897d1852aef8bf852121eba842a3808d976c86210e1a2afbeddeb761c7460e29f9badc3c7180828a24cf59d25ffc6c061

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe

Filesize
184KB

MD5
4846347ba2b9116ec119e999b329e333

SHA1
dd041fe971e00345b39f0f5f519c61e24f5dfed8

SHA256
4f7c44ae9abe7ef26dfac260b1f320cbf879ac3a1c4004de70670cd96ae55a7a

SHA512
316d842348219e4a8ee65095cf2e6f84a579e9a5008e7a7e2455112559fcf9e640c25711799be2f86b9399290139545cf4b9ab0fc73b25aee6c78e86e1d013ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe

Filesize
184KB

MD5
7f1f31a8ed0df796c51e08c5621ba6a3

SHA1
b211bd1411631ece2de212793358c9e70d64aea9

SHA256
5255a697e163e5d3119b1d98fa528ba9a945cb048d7a3bdaa9bf4c2ae5c6c211

SHA512
80eefab28432b6619ff0044ffcb1c317a81f01355eda650b93197f21cf14b936ec6bfd58686e64bff61f92556272ccdddcacd6e14eda62fabc3350473ff93b23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe

Filesize
184KB

MD5
af18193030819c075630ffab01b203bc

SHA1
9730b03ccf0be6c9c6715ad41d6905cc5189e958

SHA256
ec0e9c48bf2c7e8684550fd750fc77a18f352c61dec6c70be0bcebd77ca9dc82

SHA512
3e09b70af2cf8d5c246c75ab621857b4b7eebdaccdc647ebe892ec399a1794e3d48b0bd3ef88b09efb2d2484046de44bc07f8a8834510c4a0059bc4cfe1efb31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe

Filesize
184KB

MD5
f1d547aac35acece0bada88d3c2b282a

SHA1
55c38b80f692c5e6f1b093c5828813993debb712

SHA256
48f087d106ce98b4afe66e519c603466fdbcc31a744cb77b55f76572e519f4aa

SHA512
bcd9756a466e1d7c3dad70f51c148cf73e546716360dc2d92e59256492618a859a09b3b413292b307b6b9a995cdd91b6eebcbcf02dbdd1e886462230302c626e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe

Filesize
184KB

MD5
d13ec27d0f9d1de7c568634128bd8f8b

SHA1
a569f334dcab79dfddb40aa959f9fdfec1176a6c

SHA256
8b25023ea467214162b272daadb30f2f755a7bc1dced9ad153c34db50b7a2715

SHA512
fb868d290bc557ed87c9e62b2f0c51d9608c7fcb1c2f14f18394346899fb07aabb670a7f74148f970e66b8112c84bd4e9b9f970c260bb0047889dd997619f1c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe

Filesize
184KB

MD5
c299a0ba3fdb7aa4a79e9567f32d011e

SHA1
df3dcb99b53aa906cdf11747051701e6f791d449

SHA256
8092a374d21e3087d4ada2780a39c389fe1392cfb58d62eb2b71850c96c22b7e

SHA512
e08d55d0f9a701c5bd1060eb71f9fef74300155e7f6bf0ca1721b11614ffc542b943e022c165d31c0462e03a023a2d7b4993d1054e218b7c620c06bda77f0c13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe

Filesize
184KB

MD5
82920388e4a1007bcc868dc0f3e9f9c4

SHA1
1653c26f6c41b167c83b1edea6e11333e7dc1205

SHA256
9c886943a8a870c51356d890c4f16f7f6a8328a16007e8995a973ffffcc17a02

SHA512
06a8e721d811b1a0d49e3603784f0455ae788e5b72fbe24cec07ef4180631e57164f7da6979f25ebeaaabaac8eed4bd0eb85e25c6e28c0d5cba2eb6c8254d972

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42500.exe

Filesize
184KB

MD5
919c77d4f698291bcb3e6bf8a957b9eb

SHA1
7a46d5859c76b9ecaf58a4ad05066cbb2271dccd

SHA256
4649ac13ebb78ce908fac407bc7079ff32f0206b722beb4569598ed220a51ed4

SHA512
dc477fcca80d7fb793222a8b1677184e1f397e993ce932720de5237990a2158493acac9fdc0621ce061b9481d69f1f1f40b17d3be0a3e9c4eb97c19d502f4bf6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe

Filesize
184KB

MD5
7f337d8a1139f5104913ff6d69e4d23a

SHA1
67c7820368995c3714c61c179ed4a3812f68048d

SHA256
1b244dc6851cad39d0a590988aef18ca17deeac242b6a8bc5a7a1312fcde7c13

SHA512
3d14392a13fb619057a018bad83afb4d6f1975d689452da0dc8e7c63f092874a25e1ef60eff5fc3bb36e7574debfc650e46ebc8d2b8ab721da649fd6327f9bfb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe

Filesize
184KB

MD5
e8525d2d74c85bebf7e34033942f3c39

SHA1
c18ece707abe3a28f961d49968f3f8f32fe2c40b

SHA256
973c9b73f8f9547981e59c5ab43f4c3742076a47d6f8d3f8a38298a1032add77

SHA512
45b89a4049259bbbfc9849b7eda4710efe34b13ec727d0132dcc5f3037a11ce795df1e8c19327ac9a7e1bec60d8f622c9b3e2185d17118f96d50130a5129ee0b

Download Submit