9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe
Size

184KB
MD5

62053ca810b13b337f71538a3ee1c899
SHA1

4e469a6805242267e81f8561bea235b6a512c348
SHA256

9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd
SHA512

954d74c5ff07169f061ff73020786d1f422be99dd88c8e6429752b60319ba5957e6b32e1f2f6693d0948ad7e726be1cb14e59c53cfe4cdb8550a4ef91c671538
SSDEEP

3072:03etrCoT1zhoKF6WeKwLRNg9hlnViFzn3:031oX/F6xLTg9hlnViFz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-22670.exeUnicorn-16841.exeUnicorn-19616.exeUnicorn-47446.exeUnicorn-20699.exeUnicorn-57586.exeUnicorn-34824.exeUnicorn-51113.exeUnicorn-57221.exeUnicorn-39432.exeUnicorn-55721.exeUnicorn-40777.exeUnicorn-3122.exeUnicorn-61114.exeUnicorn-44464.exeUnicorn-64329.exeUnicorn-3836.exeUnicorn-46540.exeUnicorn-10421.exeUnicorn-40656.exeUnicorn-3001.exeUnicorn-7625.exeUnicorn-4989.exeUnicorn-11574.exeUnicorn-54849.exeUnicorn-55809.exeUnicorn-16723.exeUnicorn-62394.exeUnicorn-51237.exeUnicorn-6544.exeUnicorn-34426.exeUnicorn-28418.exeUnicorn-47188.exeUnicorn-44536.exeUnicorn-27863.exeUnicorn-25210.exeUnicorn-45076.exeUnicorn-3944.exeUnicorn-32942.exeUnicorn-52808.exeUnicorn-27339.exeUnicorn-60841.exeUnicorn-15169.exeUnicorn-15169.exeUnicorn-8433.exeUnicorn-18678.exeUnicorn-46107.exeUnicorn-60860.exeUnicorn-36486.exeUnicorn-49755.exeUnicorn-20268.exeUnicorn-30342.exeUnicorn-41970.exeUnicorn-33466.exeUnicorn-38074.exeUnicorn-62412.exeUnicorn-47591.exeUnicorn-37903.exeUnicorn-28282.exeUnicorn-18613.exeUnicorn-38479.exeUnicorn-20585.exeUnicorn-26746.exeUnicorn-10492.exe

pid	process
1276	Unicorn-22670.exe
2152	Unicorn-16841.exe
2624	Unicorn-19616.exe
2788	Unicorn-47446.exe
2556	Unicorn-20699.exe
1792	Unicorn-57586.exe
2332	Unicorn-34824.exe
2884	Unicorn-51113.exe
3048	Unicorn-57221.exe
1040	Unicorn-39432.exe
2812	Unicorn-55721.exe
2880	Unicorn-40777.exe
1632	Unicorn-3122.exe
2116	Unicorn-61114.exe
2052	Unicorn-44464.exe
2072	Unicorn-64329.exe
380	Unicorn-3836.exe
2848	Unicorn-46540.exe
320	Unicorn-10421.exe
2376	Unicorn-40656.exe
1556	Unicorn-3001.exe
1776	Unicorn-7625.exe
1928	Unicorn-4989.exe
1732	Unicorn-11574.exe
992	Unicorn-54849.exe
2496	Unicorn-55809.exe
1844	Unicorn-16723.exe
2200	Unicorn-62394.exe
1508	Unicorn-51237.exe
2216	Unicorn-6544.exe
2792	Unicorn-34426.exe
2968	Unicorn-28418.exe
2628	Unicorn-47188.exe
2712	Unicorn-44536.exe
2548	Unicorn-27863.exe
2632	Unicorn-25210.exe
2532	Unicorn-45076.exe
1292	Unicorn-3944.exe
2836	Unicorn-32942.exe
2984	Unicorn-52808.exe
2508	Unicorn-27339.exe
1052	Unicorn-60841.exe
2608	Unicorn-15169.exe
2016	Unicorn-15169.exe
820	Unicorn-8433.exe
2960	Unicorn-18678.exe
2084	Unicorn-46107.exe
1988	Unicorn-60860.exe
324	Unicorn-36486.exe
476	Unicorn-49755.exe
984	Unicorn-20268.exe
1368	Unicorn-30342.exe
1440	Unicorn-41970.exe
932	Unicorn-33466.exe
1200	Unicorn-38074.exe
1436	Unicorn-62412.exe
2148	Unicorn-47591.exe
856	Unicorn-37903.exe
2096	Unicorn-28282.exe
1808	Unicorn-18613.exe
1308	Unicorn-38479.exe
2716	Unicorn-20585.exe
2448	Unicorn-26746.exe
3024	Unicorn-10492.exe

Loads dropped DLL 64 IoCs

Processes:

9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exeUnicorn-22670.exeUnicorn-16841.exeUnicorn-19616.exeWerFault.exeUnicorn-47446.exeUnicorn-20699.exeUnicorn-57586.exeWerFault.exeUnicorn-34824.exeUnicorn-57221.exeUnicorn-51113.exeUnicorn-55721.exeUnicorn-39432.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe
2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe
1276	Unicorn-22670.exe
1276	Unicorn-22670.exe
2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe
2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe
2152	Unicorn-16841.exe
2152	Unicorn-16841.exe
1276	Unicorn-22670.exe
1276	Unicorn-22670.exe
2624	Unicorn-19616.exe
2624	Unicorn-19616.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
2788	Unicorn-47446.exe
2788	Unicorn-47446.exe
2152	Unicorn-16841.exe
2152	Unicorn-16841.exe
2556	Unicorn-20699.exe
2556	Unicorn-20699.exe
1792	Unicorn-57586.exe
1792	Unicorn-57586.exe
2624	Unicorn-19616.exe
2624	Unicorn-19616.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
1444	WerFault.exe
2332	Unicorn-34824.exe
2332	Unicorn-34824.exe
2788	Unicorn-47446.exe
2788	Unicorn-47446.exe
3048	Unicorn-57221.exe
3048	Unicorn-57221.exe
2556	Unicorn-20699.exe
2884	Unicorn-51113.exe
2556	Unicorn-20699.exe
2884	Unicorn-51113.exe
2812	Unicorn-55721.exe
2812	Unicorn-55721.exe
1040	Unicorn-39432.exe
1040	Unicorn-39432.exe
1792	Unicorn-57586.exe
1792	Unicorn-57586.exe
700	WerFault.exe
700	WerFault.exe
700	WerFault.exe
700	WerFault.exe
700	WerFault.exe
700	WerFault.exe
700	WerFault.exe
1920	WerFault.exe
1920	WerFault.exe
1920	WerFault.exe
1920	WerFault.exe
1920	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2672	2972	WerFault.exe	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe
3016	1276	WerFault.exe	Unicorn-22670.exe
1444	2624	WerFault.exe	Unicorn-19616.exe
700	2072	WerFault.exe	Unicorn-64329.exe
1920	2788	WerFault.exe	Unicorn-47446.exe
2004	2556	WerFault.exe	Unicorn-20699.exe
1840	1792	WerFault.exe	Unicorn-57586.exe
2312	2332	WerFault.exe	Unicorn-34824.exe
1996	3048	WerFault.exe	Unicorn-57221.exe
2736	2812	WerFault.exe	Unicorn-55721.exe
2924	1040	WerFault.exe	Unicorn-39432.exe
1628	2880	WerFault.exe	Unicorn-40777.exe
1620	1632	WerFault.exe	Unicorn-3122.exe
2832	2116	WerFault.exe	Unicorn-61114.exe
592	2052	WerFault.exe	Unicorn-44464.exe
948	320	WerFault.exe	Unicorn-10421.exe
1480	2848	WerFault.exe	Unicorn-46540.exe
1836	380	WerFault.exe	Unicorn-3836.exe
1120	2884	WerFault.exe	Unicorn-51113.exe
2948	2376	WerFault.exe	Unicorn-40656.exe
2492	1556	WerFault.exe	Unicorn-3001.exe
1484	1776	WerFault.exe	Unicorn-7625.exe
1652	1928	WerFault.exe	Unicorn-4989.exe
1716	1732	WerFault.exe	Unicorn-11574.exe
1612	992	WerFault.exe	Unicorn-54849.exe
2708	1844	WerFault.exe	Unicorn-16723.exe
3064	2496	WerFault.exe	Unicorn-55809.exe
2568	2200	WerFault.exe	Unicorn-62394.exe
2488	1508	WerFault.exe	Unicorn-51237.exe
3012	2216	WerFault.exe	Unicorn-6544.exe
304	2792	WerFault.exe	Unicorn-34426.exe
2544	2968	WerFault.exe	Unicorn-28418.exe
2580	2628	WerFault.exe	Unicorn-47188.exe
892	2712	WerFault.exe	Unicorn-44536.exe
1860	2632	WerFault.exe	Unicorn-25210.exe
3088	2548	WerFault.exe	Unicorn-27863.exe
3144	2836	WerFault.exe	Unicorn-32942.exe
3208	1052	WerFault.exe	Unicorn-60841.exe
3264	1696	WerFault.exe	Unicorn-158.exe
3284	2016	WerFault.exe	Unicorn-15169.exe
3248	1292	WerFault.exe	Unicorn-3944.exe
3424	2960	WerFault.exe	Unicorn-18678.exe
3776	2608	WerFault.exe	Unicorn-15169.exe
3824	2984	WerFault.exe	Unicorn-52808.exe
3844	2508	WerFault.exe	Unicorn-27339.exe
3884	2532	WerFault.exe	Unicorn-45076.exe
4016	3036	WerFault.exe	Unicorn-25193.exe
4024	2716	WerFault.exe	Unicorn-20585.exe
4048	820	WerFault.exe	Unicorn-8433.exe
4056	2540	WerFault.exe	Unicorn-57280.exe
4072	2084	WerFault.exe	Unicorn-46107.exe
3152	1308	WerFault.exe	Unicorn-38479.exe
3200	896	WerFault.exe	Unicorn-42022.exe
3192	2096	WerFault.exe	Unicorn-28282.exe
3216	2552	WerFault.exe	Unicorn-10492.exe
3400	2448	WerFault.exe	Unicorn-26746.exe
3520	3024	WerFault.exe	Unicorn-10492.exe
3548	2424	WerFault.exe	Unicorn-35438.exe
3756	2876	WerFault.exe	Unicorn-58240.exe
3740	1856	WerFault.exe	Unicorn-35213.exe
3544	1436	WerFault.exe	Unicorn-62412.exe
3228	904	WerFault.exe	Unicorn-41797.exe
3396	1368	WerFault.exe	Unicorn-30342.exe
3636	1200	WerFault.exe	Unicorn-38074.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exeUnicorn-22670.exeUnicorn-16841.exeUnicorn-19616.exeUnicorn-47446.exeUnicorn-20699.exeUnicorn-57586.exeUnicorn-34824.exeUnicorn-51113.exeUnicorn-57221.exeUnicorn-39432.exeUnicorn-55721.exeUnicorn-40777.exeUnicorn-3122.exeUnicorn-61114.exeUnicorn-64329.exeUnicorn-44464.exeUnicorn-3836.exeUnicorn-46540.exeUnicorn-10421.exeUnicorn-40656.exeUnicorn-3001.exeUnicorn-7625.exeUnicorn-4989.exeUnicorn-11574.exeUnicorn-54849.exeUnicorn-55809.exeUnicorn-62394.exeUnicorn-16723.exeUnicorn-51237.exeUnicorn-6544.exeUnicorn-34426.exeUnicorn-28418.exeUnicorn-47188.exeUnicorn-44536.exeUnicorn-25210.exeUnicorn-27863.exeUnicorn-45076.exeUnicorn-3944.exeUnicorn-32942.exeUnicorn-52808.exeUnicorn-27339.exeUnicorn-15169.exeUnicorn-15169.exeUnicorn-18678.exeUnicorn-8433.exeUnicorn-60841.exeUnicorn-60860.exeUnicorn-46107.exeUnicorn-36486.exeUnicorn-49755.exeUnicorn-20268.exeUnicorn-30342.exeUnicorn-41970.exeUnicorn-33466.exeUnicorn-38074.exeUnicorn-62412.exeUnicorn-47591.exeUnicorn-37903.exeUnicorn-28282.exeUnicorn-38479.exeUnicorn-18613.exeUnicorn-10492.exeUnicorn-10492.exe

pid	process
2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe
1276	Unicorn-22670.exe
2152	Unicorn-16841.exe
2624	Unicorn-19616.exe
2788	Unicorn-47446.exe
2556	Unicorn-20699.exe
1792	Unicorn-57586.exe
2332	Unicorn-34824.exe
2884	Unicorn-51113.exe
3048	Unicorn-57221.exe
1040	Unicorn-39432.exe
2812	Unicorn-55721.exe
2880	Unicorn-40777.exe
1632	Unicorn-3122.exe
2116	Unicorn-61114.exe
2072	Unicorn-64329.exe
2052	Unicorn-44464.exe
380	Unicorn-3836.exe
2848	Unicorn-46540.exe
320	Unicorn-10421.exe
2376	Unicorn-40656.exe
1556	Unicorn-3001.exe
1776	Unicorn-7625.exe
1928	Unicorn-4989.exe
1732	Unicorn-11574.exe
992	Unicorn-54849.exe
2496	Unicorn-55809.exe
2200	Unicorn-62394.exe
1844	Unicorn-16723.exe
1508	Unicorn-51237.exe
2216	Unicorn-6544.exe
2792	Unicorn-34426.exe
2968	Unicorn-28418.exe
2628	Unicorn-47188.exe
2712	Unicorn-44536.exe
2632	Unicorn-25210.exe
2548	Unicorn-27863.exe
2532	Unicorn-45076.exe
1292	Unicorn-3944.exe
2836	Unicorn-32942.exe
2984	Unicorn-52808.exe
2508	Unicorn-27339.exe
2608	Unicorn-15169.exe
2016	Unicorn-15169.exe
2960	Unicorn-18678.exe
820	Unicorn-8433.exe
1052	Unicorn-60841.exe
1988	Unicorn-60860.exe
2084	Unicorn-46107.exe
324	Unicorn-36486.exe
476	Unicorn-49755.exe
984	Unicorn-20268.exe
1368	Unicorn-30342.exe
1440	Unicorn-41970.exe
932	Unicorn-33466.exe
1200	Unicorn-38074.exe
1436	Unicorn-62412.exe
2148	Unicorn-47591.exe
856	Unicorn-37903.exe
2096	Unicorn-28282.exe
1308	Unicorn-38479.exe
1808	Unicorn-18613.exe
3024	Unicorn-10492.exe
2552	Unicorn-10492.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exeUnicorn-22670.exeUnicorn-16841.exeUnicorn-19616.exeUnicorn-47446.exeUnicorn-20699.exeUnicorn-57586.exeUnicorn-34824.exe

description	pid	process	target process
PID 2972 wrote to memory of 1276	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	Unicorn-22670.exe
PID 2972 wrote to memory of 1276	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	Unicorn-22670.exe
PID 2972 wrote to memory of 1276	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	Unicorn-22670.exe
PID 2972 wrote to memory of 1276	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	Unicorn-22670.exe
PID 1276 wrote to memory of 2152	1276	Unicorn-22670.exe	Unicorn-16841.exe
PID 1276 wrote to memory of 2152	1276	Unicorn-22670.exe	Unicorn-16841.exe
PID 1276 wrote to memory of 2152	1276	Unicorn-22670.exe	Unicorn-16841.exe
PID 1276 wrote to memory of 2152	1276	Unicorn-22670.exe	Unicorn-16841.exe
PID 2972 wrote to memory of 2624	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	Unicorn-19616.exe
PID 2972 wrote to memory of 2624	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	Unicorn-19616.exe
PID 2972 wrote to memory of 2624	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	Unicorn-19616.exe
PID 2972 wrote to memory of 2624	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	Unicorn-19616.exe
PID 2972 wrote to memory of 2672	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	WerFault.exe
PID 2972 wrote to memory of 2672	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	WerFault.exe
PID 2972 wrote to memory of 2672	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	WerFault.exe
PID 2972 wrote to memory of 2672	2972	9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe	WerFault.exe
PID 2152 wrote to memory of 2788	2152	Unicorn-16841.exe	Unicorn-47446.exe
PID 2152 wrote to memory of 2788	2152	Unicorn-16841.exe	Unicorn-47446.exe
PID 2152 wrote to memory of 2788	2152	Unicorn-16841.exe	Unicorn-47446.exe
PID 2152 wrote to memory of 2788	2152	Unicorn-16841.exe	Unicorn-47446.exe
PID 1276 wrote to memory of 2556	1276	Unicorn-22670.exe	Unicorn-20699.exe
PID 1276 wrote to memory of 2556	1276	Unicorn-22670.exe	Unicorn-20699.exe
PID 1276 wrote to memory of 2556	1276	Unicorn-22670.exe	Unicorn-20699.exe
PID 1276 wrote to memory of 2556	1276	Unicorn-22670.exe	Unicorn-20699.exe
PID 2624 wrote to memory of 1792	2624	Unicorn-19616.exe	Unicorn-57586.exe
PID 2624 wrote to memory of 1792	2624	Unicorn-19616.exe	Unicorn-57586.exe
PID 2624 wrote to memory of 1792	2624	Unicorn-19616.exe	Unicorn-57586.exe
PID 2624 wrote to memory of 1792	2624	Unicorn-19616.exe	Unicorn-57586.exe
PID 1276 wrote to memory of 3016	1276	Unicorn-22670.exe	WerFault.exe
PID 1276 wrote to memory of 3016	1276	Unicorn-22670.exe	WerFault.exe
PID 1276 wrote to memory of 3016	1276	Unicorn-22670.exe	WerFault.exe
PID 1276 wrote to memory of 3016	1276	Unicorn-22670.exe	WerFault.exe
PID 2788 wrote to memory of 2332	2788	Unicorn-47446.exe	Unicorn-34824.exe
PID 2788 wrote to memory of 2332	2788	Unicorn-47446.exe	Unicorn-34824.exe
PID 2788 wrote to memory of 2332	2788	Unicorn-47446.exe	Unicorn-34824.exe
PID 2788 wrote to memory of 2332	2788	Unicorn-47446.exe	Unicorn-34824.exe
PID 2152 wrote to memory of 2884	2152	Unicorn-16841.exe	Unicorn-51113.exe
PID 2152 wrote to memory of 2884	2152	Unicorn-16841.exe	Unicorn-51113.exe
PID 2152 wrote to memory of 2884	2152	Unicorn-16841.exe	Unicorn-51113.exe
PID 2152 wrote to memory of 2884	2152	Unicorn-16841.exe	Unicorn-51113.exe
PID 2556 wrote to memory of 3048	2556	Unicorn-20699.exe	Unicorn-57221.exe
PID 2556 wrote to memory of 3048	2556	Unicorn-20699.exe	Unicorn-57221.exe
PID 2556 wrote to memory of 3048	2556	Unicorn-20699.exe	Unicorn-57221.exe
PID 2556 wrote to memory of 3048	2556	Unicorn-20699.exe	Unicorn-57221.exe
PID 1792 wrote to memory of 1040	1792	Unicorn-57586.exe	Unicorn-39432.exe
PID 1792 wrote to memory of 1040	1792	Unicorn-57586.exe	Unicorn-39432.exe
PID 1792 wrote to memory of 1040	1792	Unicorn-57586.exe	Unicorn-39432.exe
PID 1792 wrote to memory of 1040	1792	Unicorn-57586.exe	Unicorn-39432.exe
PID 2624 wrote to memory of 2812	2624	Unicorn-19616.exe	Unicorn-55721.exe
PID 2624 wrote to memory of 2812	2624	Unicorn-19616.exe	Unicorn-55721.exe
PID 2624 wrote to memory of 2812	2624	Unicorn-19616.exe	Unicorn-55721.exe
PID 2624 wrote to memory of 2812	2624	Unicorn-19616.exe	Unicorn-55721.exe
PID 2624 wrote to memory of 1444	2624	Unicorn-19616.exe	WerFault.exe
PID 2624 wrote to memory of 1444	2624	Unicorn-19616.exe	WerFault.exe
PID 2624 wrote to memory of 1444	2624	Unicorn-19616.exe	WerFault.exe
PID 2624 wrote to memory of 1444	2624	Unicorn-19616.exe	WerFault.exe
PID 2332 wrote to memory of 2880	2332	Unicorn-34824.exe	Unicorn-40777.exe
PID 2332 wrote to memory of 2880	2332	Unicorn-34824.exe	Unicorn-40777.exe
PID 2332 wrote to memory of 2880	2332	Unicorn-34824.exe	Unicorn-40777.exe
PID 2332 wrote to memory of 2880	2332	Unicorn-34824.exe	Unicorn-40777.exe
PID 2788 wrote to memory of 1632	2788	Unicorn-47446.exe	Unicorn-3122.exe
PID 2788 wrote to memory of 1632	2788	Unicorn-47446.exe	Unicorn-3122.exe
PID 2788 wrote to memory of 1632	2788	Unicorn-47446.exe	Unicorn-3122.exe
PID 2788 wrote to memory of 1632	2788	Unicorn-47446.exe	Unicorn-3122.exe

C:\Users\Admin\AppData\Local\Temp\9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe
"C:\Users\Admin\AppData\Local\Temp\9675af78341f570d799ed6845b94a5735ac2ac8924c636a4086663111a09c3bd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-40656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40656.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
10⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
11⤵
PID:408

C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
12⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
13⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
14⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
15⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 236
15⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
14⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
13⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 216
12⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
11⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
10⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
11⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
12⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
13⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
14⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
14⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
13⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
12⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
11⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
10⤵
- Program crash
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
9⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
10⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-47264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47264.exe
11⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
12⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
13⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
14⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
14⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
13⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
12⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
11⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
10⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
9⤵
- Program crash
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-52234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52234.exe
9⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-20692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20692.exe
10⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
11⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
12⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-48674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48674.exe
13⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-15753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15753.exe
14⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
14⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
13⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
12⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
11⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
10⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-8105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8105.exe
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
11⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
12⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
13⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 236
13⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 236
12⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
11⤵
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
9⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
8⤵
- Program crash
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
9⤵
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
10⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
10⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
11⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
12⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-39476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39476.exe
13⤵
PID:11484

C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
14⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11484 -s 236
14⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
12⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
11⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
8⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
10⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
11⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
11⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
12⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
13⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
13⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
12⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 220
11⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
10⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
9⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
8⤵
- Program crash
PID:304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:476

C:\Users\Admin\AppData\Local\Temp\Unicorn-37325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37325.exe
9⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
10⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
11⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
12⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
13⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
14⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
14⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
13⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
12⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
11⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
10⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-47427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47427.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
12⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-25262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25262.exe
13⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 216
13⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
12⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
11⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 240
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
8⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
11⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
12⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
13⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 236
13⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
12⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
11⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
9⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
8⤵
- Program crash
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
8⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
9⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
10⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
11⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-2233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2233.exe
12⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
13⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
13⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
12⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
11⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 220
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
9⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
9⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
10⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57163.exe
11⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 216
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
11⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
10⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
9⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
8⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
7⤵
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
6⤵
- Program crash
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
9⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
10⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
11⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
12⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
13⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
14⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
14⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
13⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
12⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
11⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 236
10⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
11⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
12⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
13⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 236
13⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
12⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
9⤵
- Program crash
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
8⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
11⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
12⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
13⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
13⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
12⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
11⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
10⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
9⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
8⤵
- Program crash
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
8⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
9⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
10⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
11⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
12⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
13⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 236
13⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
12⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
11⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
10⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
9⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
11⤵
PID:8920

C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
12⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 236
12⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
11⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
10⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
8⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
7⤵
- Program crash
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-8419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8419.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
10⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
11⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-23137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23137.exe
12⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-4974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4974.exe
13⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
11⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
10⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-32356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32356.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
10⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe
11⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
12⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 236
12⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
11⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
10⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
8⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
7⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
8⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
10⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
11⤵
PID:9532

C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 236
12⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
11⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
9⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
8⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
7⤵
- Program crash
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
6⤵
- Program crash
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 188
6⤵
- Loads dropped DLL
- Program crash
PID:700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
5⤵
- Program crash
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
9⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
11⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
12⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
13⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
14⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 236
14⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
13⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
12⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
11⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
10⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
11⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
12⤵
PID:8464

C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
13⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
13⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
12⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
11⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
10⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
9⤵
- Program crash
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
8⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
11⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
12⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
13⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
13⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 236
12⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
10⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 216
9⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
8⤵
- Program crash
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47591.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
8⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
10⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
11⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
12⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
13⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 236
13⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 236
12⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
11⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
10⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
10⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
11⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-18993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18993.exe
12⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
12⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
11⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
10⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
8⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
7⤵
- Program crash
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
8⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
9⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
11⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
12⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 220
13⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
12⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
11⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
10⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
9⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
10⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
11⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
12⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
11⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
10⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
8⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
7⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
10⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
11⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
12⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
12⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
11⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 236
10⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
8⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
- Program crash
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
6⤵
- Program crash
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
10⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
11⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
12⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-14964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14964.exe
13⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
12⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
11⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
10⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
9⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
8⤵
- Program crash
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56885.exe
8⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe
9⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
10⤵
PID:8692

C:\Users\Admin\AppData\Local\Temp\Unicorn-16570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16570.exe
11⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 220
11⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
10⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
8⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
7⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
6⤵
- Executes dropped EXE
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
7⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
10⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
11⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
11⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
10⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
8⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
7⤵
- Program crash
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
6⤵
- Program crash
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
5⤵
- Program crash
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
8⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
10⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
11⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
12⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
11⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
10⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
9⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
8⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
7⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
9⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
10⤵
PID:8564

C:\Users\Admin\AppData\Local\Temp\Unicorn-1189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1189.exe
11⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
11⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
10⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
8⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
7⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-18613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18613.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
9⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
10⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
11⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
12⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10964 -s 216
12⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
11⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 236
10⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
8⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
7⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
8⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
9⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
9⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
10⤵
PID:1352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 236
10⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 240
9⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
8⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
7⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
6⤵
- Program crash
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
7⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
8⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
9⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 220
10⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
9⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
8⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
7⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-54217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54217.exe
8⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
9⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
10⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
11⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
11⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
10⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
9⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
8⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
7⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
6⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
7⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
8⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
9⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
10⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
11⤵
PID:11072

C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
12⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 236
11⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
10⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
9⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
8⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
7⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
6⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
5⤵
- Program crash
PID:592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
8⤵
- Executes dropped EXE
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
9⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
10⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
11⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
12⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-7675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7675.exe
13⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
14⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 236
14⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
13⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
12⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
11⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
10⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
9⤵
- Program crash
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
8⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
10⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
11⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
12⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
11⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
9⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
8⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
7⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
8⤵
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
11⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
12⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
13⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
13⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
11⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
10⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
10⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
11⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
12⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
11⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
10⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
8⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
7⤵
- Program crash
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
8⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-26612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26612.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
11⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
12⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe
13⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
11⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
10⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
9⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
8⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38165.exe
7⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
10⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
11⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
12⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 236
11⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
10⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
9⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
8⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
7⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
6⤵
- Program crash
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
8⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-44761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44761.exe
11⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
12⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe
13⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
12⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
11⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
9⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
8⤵
- Program crash
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
7⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
10⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
11⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-53210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53210.exe
12⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
10⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
9⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 236
8⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
7⤵
- Program crash
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
6⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
7⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe
10⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
11⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
12⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 236
11⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
10⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
8⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
7⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
8⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-45197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45197.exe
9⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
10⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
10⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
9⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
8⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 220
7⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
6⤵
- Program crash
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
5⤵
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
6⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
7⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
8⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-39466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39466.exe
9⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
10⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
11⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
11⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
9⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
8⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
7⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe
6⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
7⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
8⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
9⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
10⤵
PID:11024

C:\Users\Admin\AppData\Local\Temp\Unicorn-22669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22669.exe
11⤵
PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 220
10⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
9⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
8⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
7⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
6⤵
- Program crash
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
5⤵
- Program crash
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
4⤵
- Program crash
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-55809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55809.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-35438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35438.exe
7⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
10⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
11⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
12⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
13⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
10⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
9⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
8⤵
- Program crash
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-28949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28949.exe
7⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
9⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
10⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
11⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
12⤵
PID:284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 236
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
10⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
9⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
8⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
7⤵
- Program crash
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
6⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
7⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
10⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
11⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
11⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
10⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
9⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
8⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
7⤵
- Program crash
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
6⤵
- Program crash
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8433.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-45059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45059.exe
6⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
7⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
9⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
10⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-22972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22972.exe
11⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
11⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
10⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
8⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
7⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
6⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-26436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26436.exe
7⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
7⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-49802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49802.exe
8⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-13475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13475.exe
9⤵
PID:9372

C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
10⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
10⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
9⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
8⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 220
7⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
6⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
5⤵
- Program crash
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
7⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-40931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40931.exe
9⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe
10⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-28202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28202.exe
11⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
12⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
11⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
10⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
8⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 216
7⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
6⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
7⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
8⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
9⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
10⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
11⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11060 -s 216
11⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
10⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
9⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
8⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
7⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 220
6⤵
- Program crash
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
5⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
6⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
7⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
9⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
10⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
11⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
10⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
9⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
8⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
7⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
6⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
7⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
8⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
9⤵
PID:8696

C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
10⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 236
10⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 236
9⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
8⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
7⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
6⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
5⤵
- Program crash
PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
4⤵
- Program crash
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
2⤵
- Program crash
PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23137.exe

Filesize
184KB

MD5
6612753b3a1249cfca1b8cd3dbf2cc71

SHA1
1f65c3cf736907cd6a039bdfccd4904eeeeff74d

SHA256
6741eb6e6a711ac110310832750a4005e2b67fed62952740123f29d59c6c9827

SHA512
039695e6de2fabb4130f3b27e16d8b891cce237689729cbf229b58d9451ce033cc7e0b6e5f69c45a19fbe0c60903dacc2a53678ff848e1922b5dc5c8fea95a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe

Filesize
184KB

MD5
984811dbec8dd202d04ddc84095a6c9b

SHA1
d337f6306b64810d5b8b226f4ba2dbb221ac3988

SHA256
faf2bc8dd8e0db2921df6ca08242334201fe9e74281c2b2e32dabbf002d10400

SHA512
2cd144610f8190dc76c9849e203900d550deeb330c461e9103d703294dcd237eb7004620ea6a8c094fc14b45ccf42a0b5cdc5e41036ca0842448d05a79b778c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe

Filesize
184KB

MD5
b8bc0e0be8c88f2dbc0cd54a51c21a90

SHA1
c6a011e28c82398e1f37a28f9798fdfb8126bba1

SHA256
2e6340d54fcf9112d68d7b8365f3b51e68a6110248a98d5f598bc7ca43204d65

SHA512
3624b880c449aa27a71e990554cb80e19ef2974840af16abe72f3b6d84b46a1860a427f8785c6ec1d606453952d94b9cf11196454149ebba1f9ccfa838bf1078

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39476.exe

Filesize
184KB

MD5
2417b4cf483892e169682dcf95d82b28

SHA1
abc5fe81d7161fba918e48cd909f9dce6f624b15

SHA256
ea58d7a7ba408110fd5777a7f042058d45783607e0d6dee9d1fc2be2b7930e36

SHA512
e22e83e4e146e7a55d3eaf4199d88a32f0202ee04abbbcd7da9b2be7b515c74614e272ec8a9eacf8a0645fcf562a8cbab35882f78a324254581377f010b9340b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe

Filesize
184KB

MD5
3e1553029230c6c31ad19af1affda9e3

SHA1
3169c315f3519626e55bd58c6ec4182623c62ff0

SHA256
5247346f2a0abd77454f08a0890004dfa2fbaafe60d9793355408e4b88c07259

SHA512
c19b58a3b24070f69a3a8cd3c7a1eb012e2991d337ad9212fd82f5f0a7622f7a08b80bc3f2b76b6aafa22cc697dd9b3d35c7ff29cfc89662d69051e96d4a6a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40931.exe

Filesize
184KB

MD5
613d375dd36268413a248efe9d05136c

SHA1
1d0ad9ab70c2ef1aaed37e40ec16abe3d7a7ebb3

SHA256
93371a88a2ab07904c463689ca1af6f50f8aea67bc96f65663170d16f192dc74

SHA512
1665047627f35a8be457f41ab7c2d6fafad825702553f09fb6683faf5036e6bbbd18462b8940ae9a07987faac224cc723045aed36dac4b01f78f5dbf29d7190f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe

Filesize
184KB

MD5
cc1be538f1a01c336817d7403c38d2a4

SHA1
6c37efe0440b855c94f6e37a963411cc5b68b820

SHA256
7eef24ebf31e748f94e3d0e014bb8062cf325f243627db2d02ec5f31850f4a59

SHA512
a13def35092278e47ddcba7accc1f43685ca1c719f800b826608eda0b29a9f859689cc3d1c99be2de9261c9ebe70ab95f6e410d7ec06917da09577ee18d45a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe

Filesize
184KB

MD5
d1c87330155cc32abbcda3422ff35203

SHA1
a5bb1072a576be2e631444bd69e94a39e69ecb5b

SHA256
559034e036b932eedede95bb857d77fe488be2e02cb1d351f4afcf86ff8b12b4

SHA512
8f871391b08db1e3cf4123a42ce940f53e3fa8ba5082e6cfd6ea4ceb493d8334f1126385fd51617c653e1f1111fff3281d1f28a8c34248bea25df634232aeb1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe

Filesize
184KB

MD5
8c38c68d5ba80296daa8038bec02a09b

SHA1
33ca3a55908a082b3dfb0f393d97452399afef97

SHA256
ca021d14644d66ba7262781ed6e1b28be8acba36e9759284c9d8235b0b248c04

SHA512
bc959e2fbd58072979e1447f6badd66ecfe777ee0224ea85a8eec99560e80e60d682ed90a7ac2963e576f70fb254b14b1304174a317c7e76a2f0697accc9f39d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe

Filesize
184KB

MD5
02f430b9f593eae831dd0c71c4530ddd

SHA1
ef431a81642600caf36c93caf7b78806dbd45e75

SHA256
eaa1a6803a02d20cd2ca0f85b5e372ff6f4a9659ccadf7382cef5695a8376e23

SHA512
29d3c85a881cc0912a7a0992cc201688609012c2b765f3f4af7089f77eea2c6cf466936f3c1c0abe6dafb0b501540c83fc797af7bc9d547d8be4c1e92d81f7f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe

Filesize
184KB

MD5
3cba7528122579c43402834143fe96d2

SHA1
97e87bd0b7077a4bfabe38527688d58172a55047

SHA256
45f5da357f62a6e27afff4fa283c7ead672149691751584b3b751e24770596d2

SHA512
8ae8a67d6bfc534b71caac56e7de2d7f6c54180973effb093b545882352fcc5fb1f40b2e9561d96a9eee061db539deef7115b275bc0b4ca1a297b5a6e029b284

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe

Filesize
184KB

MD5
34eb3a6e060cc7597a9d828b28f85848

SHA1
e2de9ce9f72bc19110464d19da52dd5b94c39bd0

SHA256
52ffd2599108e20b05a902663009cac398d8ab89602414536c005e9f638b107f

SHA512
b13d6835a567b40e64cbb78661ab014c6001053386bdc4f059cdbfee31e3512fada4f2905182bb832a47a719afdc1dfdb388a1ff484ad10f05568a9254381046

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe

Filesize
184KB

MD5
01ea081c8c4f6e977be4da1cdc8db8cd

SHA1
1a2bfbb26a455bbb8acbf9b86b3ea8ee4ce1c80b

SHA256
64c6810767c15f35cc9007026bebf13087397b7e46a66a1f0be81be400604585

SHA512
800a9c1e913c12eb288e25039fd2370574de7400fe70fcdd2eaa49b011f2952651325308547f5b787a5aa5bc268702cc5cf94a7722654ff66e48ce3a2dbd975c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe

Filesize
184KB

MD5
59249e7bcfcf8d62db16988ccb513432

SHA1
070c06ad2973b6ab14bfeb4b1cd7200394232b5b

SHA256
a693bdb9163e30059624d7a05f7d8611db512d172bb4260dd601a4e7be6f4c06

SHA512
1c1ff0250db53534de5ca38ae6e255c229c323a63c4315a46097d1622c727d0bc586bc8c2d80d7dad702e2d45a015152dc8c658b0db0ea6c5ba49f8a5d0c3d00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe

Filesize
184KB

MD5
57e6967524c044ea9a8ee2cf31d2ff83

SHA1
703570ffa1ec7db544cf649e5e0185cb1986cb65

SHA256
f64231289a72fe76e73a1e80d9b1226c4eef8001f898f3fe7513b5da4639145f

SHA512
7dde6a0b8828e154d0db4485a4fa964dbf9a70c5a8e35cf22ce8d4b76d4fd6f9ae13ade869283400d65cc1f8af0c187fc9295ccb70bcbed10e5900ff1f5acd9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe

Filesize
184KB

MD5
f72c65a20a92e8d8c4010dcce6f74b30

SHA1
253435a2c3aee92547e80569579c2ce584efa874

SHA256
1f20cbbbc4c71ae09b514a75a241ab4c7d3138993dd98ebdde4815ba757d0ef7

SHA512
75996df58d81135daf7ac8fe445c0ff7133c9a584312937649d22d6625aa217cd2fcd3ea7dd5563755247c8dd0e9027aff0965c1aac960071eeb353fc9881b4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe

Filesize
184KB

MD5
5a30b4ef980978f1e7b408a00eac90a3

SHA1
d43d07d3a1b09905a26b4056729e97c0b61b1686

SHA256
32370e198c67d14b80091f23a680ca16ccf385093aae61a58f6b923d5b7464dd

SHA512
ca96721207f1fba5ca0b1702e62047521d868550e0fcadb5e7ed1dc6fd9ee515db499c41aaf3e4131339b87eb516da551bb62a289af0f22fab24af7e4548a7a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe

Filesize
184KB

MD5
2b6291a61d6e75a21966e0c41e9cac86

SHA1
0450f8d62262dc649cb8d32a4aef5660b5101a0d

SHA256
73095cf4ab4a41d0b62398c825e8b12cb822d6ece5c8a1c15d62a6883be608c2

SHA512
7055d16edc33b8b2616562a56542be1626335d6140a51fb40eac8b272345f82503e7bc421eaf816d597899e0f8cb524a56fad23a8cac3c0a18bee17ba9f79b01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe

Filesize
184KB

MD5
285528689648b8c40799c565f75d2755

SHA1
6be86c1aba3440877ed2a1d0de9ebf663fa948dc

SHA256
fedc34e801b57f24464bad04daa98da09e88caf55555b5bd72726077fa5be618

SHA512
78ff00c699938784aab27c929547692b0da926988e2339607d499ee1d3cf0e19fc5fc296aa269821d7f52239a27b86789a5ae82ab6676980a3183844a55b7acc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe

Filesize
184KB

MD5
d4a97984c0bfb4db776d8e37f6947c53

SHA1
466595fbd531aaf1df44f9fd96fe4b46af744797

SHA256
5170a9c7ff99498cf5669553d5dc47754d19509cb3bf0608296bf76d9e5bdd96

SHA512
9b528e8f5260ad6428f22af36c0bc11c3b298d613a0eea26a2932f1ec962a7c825e158587b299cccfc174641757800a561d3254b28e3c7c1beace81f8d726900

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe

Filesize
184KB

MD5
8a0bf58bcdb8b85cbb639ff677e0e168

SHA1
f6412c506e11d261115b47734a5c7c67dd0ecc42

SHA256
3d7967103fa0475924e8781180e0780458b256d4efa310d2d83236d208cb8c65

SHA512
24665bf815343a3c791f0819a198204e0177da845815f165221c4f22d4b8a1ccef0f021df413792970b0dccc4f26ae6d27721fb7516bd09cc7619ac369b7c3fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe

Filesize
184KB

MD5
0fbc138608d5ebd29b9d1117f3bd7e5c

SHA1
08ce5425832f89511f2fe4ccc6d6058375d11c1c

SHA256
4130e277b99a025234fd74b1b3663694e9a6cc695f71a227441d07eaaa3fe239

SHA512
680bfcb48f760d05cbaec6c783981925b0dde7a6ec7dc2a69f0d47276e5deb9c8fee31fdff7d5e02abdbbae8ebc95d859a552fe94102948c66998c84980465c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe

Filesize
184KB

MD5
91bd893866a4a30736b97ba0167fe3b5

SHA1
e776c9262282ba7daafa5525584b574cb5070dd1

SHA256
700b47eb57afaef632489083daa27236a3ef5c687cef6828e1924f5c1ad94611

SHA512
151cf637eee9a3967608bfc76e52f956638d013b17f3269ea5c39f814664fd0432610f534729a8de8080cfb20f27c0f3c3f414ae03def643a82d8043f95b37c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe

Filesize
184KB

MD5
935d0adf12ab12bd6803a72a1ebc290b

SHA1
a505cf1b9721aaa68c7cedb2f48c9d6cd072b7c8

SHA256
8a693f7a75b49c2e27b15336f22fc86a89251b1cad4ed3f70a4cce3625c843a9

SHA512
a466f63561499af08fa6562f929dc7dba3d07ca373a7a392d4887d58b0399389daa58bc7ab8a58cfff8367939a61efd6252f7f1039905313a81fcf4fdd237ee1

Download Submit