ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe
Size

184KB
MD5

b52d59d4992f9da16f4a60d3c4a9c81e
SHA1

8f2bdf48be9ba06488ef0e3728b0056889792bb6
SHA256

ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866
SHA512

87d4943f2e2ac10d4dd286461de0aaff2323d539edcbc130c8601c703d827e331e1e465cdb38efa07cb437ede95d3628836293c0cf75f98fec9db20ff4059f26
SSDEEP

3072:1qw3xxoLDah4dJ5ceOuLTKDWhln5iFqn3:1qsockJ55L2DWhln5iFq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-47051.exeUnicorn-51465.exeUnicorn-2191.exeUnicorn-44164.exeUnicorn-22160.exeUnicorn-42026.exeUnicorn-28869.exeUnicorn-28869.exeUnicorn-24270.exeUnicorn-29061.exeUnicorn-24270.exeUnicorn-40582.exeUnicorn-53965.exeUnicorn-56617.exeUnicorn-21484.exeUnicorn-56809.exeUnicorn-41350.exeUnicorn-39596.exeUnicorn-4271.exeUnicorn-60743.exeUnicorn-25418.exeUnicorn-13187.exeUnicorn-26535.exeUnicorn-26535.exeUnicorn-26535.exeUnicorn-42186.exeUnicorn-22512.exeUnicorn-55185.exeUnicorn-63047.exeUnicorn-63047.exeUnicorn-43373.exeUnicorn-43373.exeUnicorn-65157.exeUnicorn-12427.exeUnicorn-17218.exeUnicorn-14337.exeUnicorn-57871.exeUnicorn-746.exeUnicorn-60943.exeUnicorn-30923.exeUnicorn-11249.exeUnicorn-63787.exeUnicorn-29038.exeUnicorn-46766.exeUnicorn-46766.exeUnicorn-61903.exeUnicorn-16232.exeUnicorn-16232.exeUnicorn-16232.exeUnicorn-60341.exeUnicorn-60341.exeUnicorn-64747.exeUnicorn-40456.exeUnicorn-2018.exeUnicorn-52096.exeUnicorn-30476.exeUnicorn-50534.exeUnicorn-50534.exeUnicorn-15209.exeUnicorn-5666.exeUnicorn-51338.exeUnicorn-52838.exeUnicorn-15951.exeUnicorn-25833.exe

pid	process
2600	Unicorn-47051.exe
2612	Unicorn-51465.exe
2720	Unicorn-2191.exe
2700	Unicorn-44164.exe
2688	Unicorn-22160.exe
2112	Unicorn-42026.exe
2776	Unicorn-28869.exe
1424	Unicorn-28869.exe
2728	Unicorn-24270.exe
2984	Unicorn-29061.exe
2856	Unicorn-24270.exe
1540	Unicorn-40582.exe
1348	Unicorn-53965.exe
1388	Unicorn-56617.exe
2936	Unicorn-21484.exe
1972	Unicorn-56809.exe
2760	Unicorn-41350.exe
1932	Unicorn-39596.exe
264	Unicorn-4271.exe
448	Unicorn-60743.exe
2492	Unicorn-25418.exe
548	Unicorn-13187.exe
1320	Unicorn-26535.exe
1784	Unicorn-26535.exe
1948	Unicorn-26535.exe
1888	Unicorn-42186.exe
2964	Unicorn-22512.exe
708	Unicorn-55185.exe
2084	Unicorn-63047.exe
2036	Unicorn-63047.exe
2000	Unicorn-43373.exe
1712	Unicorn-43373.exe
2064	Unicorn-65157.exe
796	Unicorn-12427.exe
2144	Unicorn-17218.exe
3064	Unicorn-14337.exe
2676	Unicorn-57871.exe
2636	Unicorn-746.exe
2656	Unicorn-60943.exe
2768	Unicorn-30923.exe
2640	Unicorn-11249.exe
3000	Unicorn-63787.exe
2404	Unicorn-29038.exe
2828	Unicorn-46766.exe
2880	Unicorn-46766.exe
376	Unicorn-61903.exe
2608	Unicorn-16232.exe
2872	Unicorn-16232.exe
2888	Unicorn-16232.exe
1608	Unicorn-60341.exe
1508	Unicorn-60341.exe
1628	Unicorn-64747.exe
1956	Unicorn-40456.exe
2016	Unicorn-2018.exe
328	Unicorn-52096.exe
2160	Unicorn-30476.exe
1720	Unicorn-50534.exe
2356	Unicorn-50534.exe
1772	Unicorn-15209.exe
1100	Unicorn-5666.exe
1524	Unicorn-51338.exe
296	Unicorn-52838.exe
1672	Unicorn-15951.exe
2648	Unicorn-25833.exe

Loads dropped DLL 64 IoCs

Processes:

ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exeUnicorn-47051.exeUnicorn-51465.exeUnicorn-2191.exeWerFault.exeUnicorn-44164.exeUnicorn-42026.exeUnicorn-22160.exeWerFault.exeWerFault.exeUnicorn-28869.exeUnicorn-24270.exeUnicorn-29061.exeUnicorn-24270.exeUnicorn-28869.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe
1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe
2600	Unicorn-47051.exe
2600	Unicorn-47051.exe
1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe
1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe
2612	Unicorn-51465.exe
2720	Unicorn-2191.exe
2612	Unicorn-51465.exe
2720	Unicorn-2191.exe
2600	Unicorn-47051.exe
2600	Unicorn-47051.exe
2788	WerFault.exe
2788	WerFault.exe
2788	WerFault.exe
2788	WerFault.exe
2788	WerFault.exe
2700	Unicorn-44164.exe
2112	Unicorn-42026.exe
2700	Unicorn-44164.exe
2112	Unicorn-42026.exe
2720	Unicorn-2191.exe
2612	Unicorn-51465.exe
2612	Unicorn-51465.exe
2720	Unicorn-2191.exe
2688	Unicorn-22160.exe
2688	Unicorn-22160.exe
1052	WerFault.exe
1052	WerFault.exe
1052	WerFault.exe
1052	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1052	WerFault.exe
1424	Unicorn-28869.exe
1424	Unicorn-28869.exe
2112	Unicorn-42026.exe
2112	Unicorn-42026.exe
2856	Unicorn-24270.exe
2984	Unicorn-29061.exe
2856	Unicorn-24270.exe
2984	Unicorn-29061.exe
2688	Unicorn-22160.exe
2728	Unicorn-24270.exe
2688	Unicorn-22160.exe
2728	Unicorn-24270.exe
2776	Unicorn-28869.exe
2776	Unicorn-28869.exe
2700	Unicorn-44164.exe
2700	Unicorn-44164.exe
1108	WerFault.exe
1108	WerFault.exe
1108	WerFault.exe
1108	WerFault.exe
1108	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1828	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2644	1704	WerFault.exe	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe
2788	2600	WerFault.exe	Unicorn-47051.exe
1052	2612	WerFault.exe	Unicorn-51465.exe
1816	2720	WerFault.exe	Unicorn-2191.exe
1108	2112	WerFault.exe	Unicorn-42026.exe
1804	2700	WerFault.exe	Unicorn-44164.exe
1828	2688	WerFault.exe	Unicorn-22160.exe
2068	1424	WerFault.exe	Unicorn-28869.exe
2080	2856	WerFault.exe	Unicorn-24270.exe
3024	2984	WerFault.exe	Unicorn-29061.exe
1576	2728	WerFault.exe	Unicorn-24270.exe
1696	2776	WerFault.exe	Unicorn-28869.exe
2100	1540	WerFault.exe	Unicorn-40582.exe
2336	1348	WerFault.exe	Unicorn-53965.exe
2940	2760	WerFault.exe	Unicorn-41350.exe
2292	2936	WerFault.exe	Unicorn-21484.exe
3056	264	WerFault.exe	Unicorn-4271.exe
320	1932	WerFault.exe	Unicorn-39596.exe
2140	1972	WerFault.exe	Unicorn-56809.exe
776	1388	WerFault.exe	Unicorn-56617.exe
2800	448	WerFault.exe	Unicorn-60743.exe
2804	2492	WerFault.exe	Unicorn-25418.exe
2736	548	WerFault.exe	Unicorn-13187.exe
2908	1948	WerFault.exe	Unicorn-26535.exe
2668	1784	WerFault.exe	Unicorn-26535.exe
2216	1888	WerFault.exe	Unicorn-42186.exe
1188	1712	WerFault.exe	Unicorn-43373.exe
2592	2084	WerFault.exe	Unicorn-63047.exe
2224	1320	WerFault.exe	Unicorn-26535.exe
2968	2964	WerFault.exe	Unicorn-22512.exe
2220	2036	WerFault.exe	Unicorn-63047.exe
1612	2000	WerFault.exe	Unicorn-43373.exe
1088	708	WerFault.exe	Unicorn-55185.exe
3488	2064	WerFault.exe	Unicorn-65157.exe
3568	3064	WerFault.exe	Unicorn-14337.exe
3580	2676	WerFault.exe	Unicorn-57871.exe
3728	2636	WerFault.exe	Unicorn-746.exe
3788	2768	WerFault.exe	Unicorn-30923.exe
3804	1508	WerFault.exe	Unicorn-60341.exe
3812	2880	WerFault.exe	Unicorn-46766.exe
3836	3000	WerFault.exe	Unicorn-63787.exe
3868	796	WerFault.exe	Unicorn-12427.exe
3892	2872	WerFault.exe	Unicorn-16232.exe
3656	1956	WerFault.exe	Unicorn-40456.exe
1160	2888	WerFault.exe	Unicorn-16232.exe
3112	2144	WerFault.exe	Unicorn-17218.exe
3212	2656	WerFault.exe	Unicorn-60943.exe
3380	376	WerFault.exe	Unicorn-61903.exe
3228	2404	WerFault.exe	Unicorn-29038.exe
3680	2280	WerFault.exe	Unicorn-4021.exe
3716	1328	WerFault.exe	Unicorn-55033.exe
3740	1716	WerFault.exe	Unicorn-29455.exe
3748	2268	WerFault.exe	Unicorn-41868.exe
4028	1236	WerFault.exe	Unicorn-29263.exe
4056	2584	WerFault.exe	Unicorn-41109.exe
3432	1504	WerFault.exe	Unicorn-26610.exe
3980	2828	WerFault.exe	Unicorn-46766.exe
3512	2864	WerFault.exe	Unicorn-61743.exe
3676	1872	WerFault.exe	Unicorn-42069.exe
3504	1536	WerFault.exe	Unicorn-39765.exe
3552	2204	WerFault.exe	Unicorn-26610.exe
4160	2640	WerFault.exe	Unicorn-11249.exe
4284	2664	WerFault.exe	Unicorn-25833.exe
4296	1628	WerFault.exe	Unicorn-64747.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exeUnicorn-47051.exeUnicorn-51465.exeUnicorn-2191.exeUnicorn-44164.exeUnicorn-22160.exeUnicorn-42026.exeUnicorn-28869.exeUnicorn-29061.exeUnicorn-24270.exeUnicorn-24270.exeUnicorn-28869.exeUnicorn-40582.exeUnicorn-53965.exeUnicorn-21484.exeUnicorn-56617.exeUnicorn-41350.exeUnicorn-39596.exeUnicorn-56809.exeUnicorn-4271.exeUnicorn-60743.exeUnicorn-25418.exeUnicorn-13187.exeUnicorn-26535.exeUnicorn-26535.exeUnicorn-26535.exeUnicorn-42186.exeUnicorn-22512.exeUnicorn-63047.exeUnicorn-55185.exeUnicorn-43373.exeUnicorn-63047.exeUnicorn-43373.exeUnicorn-65157.exeUnicorn-12427.exeUnicorn-17218.exeUnicorn-14337.exeUnicorn-57871.exeUnicorn-746.exeUnicorn-60943.exeUnicorn-30923.exeUnicorn-63787.exeUnicorn-11249.exeUnicorn-46766.exeUnicorn-46766.exeUnicorn-61903.exeUnicorn-29038.exeUnicorn-16232.exeUnicorn-16232.exeUnicorn-16232.exeUnicorn-60341.exeUnicorn-60341.exeUnicorn-64747.exeUnicorn-40456.exeUnicorn-2018.exeUnicorn-52096.exeUnicorn-30476.exeUnicorn-50534.exeUnicorn-50534.exeUnicorn-15209.exeUnicorn-5666.exeUnicorn-51338.exeUnicorn-52838.exeUnicorn-15951.exe

pid	process
1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe
2600	Unicorn-47051.exe
2612	Unicorn-51465.exe
2720	Unicorn-2191.exe
2700	Unicorn-44164.exe
2688	Unicorn-22160.exe
2112	Unicorn-42026.exe
1424	Unicorn-28869.exe
2984	Unicorn-29061.exe
2856	Unicorn-24270.exe
2728	Unicorn-24270.exe
2776	Unicorn-28869.exe
1540	Unicorn-40582.exe
1348	Unicorn-53965.exe
2936	Unicorn-21484.exe
1388	Unicorn-56617.exe
2760	Unicorn-41350.exe
1932	Unicorn-39596.exe
1972	Unicorn-56809.exe
264	Unicorn-4271.exe
448	Unicorn-60743.exe
2492	Unicorn-25418.exe
548	Unicorn-13187.exe
1784	Unicorn-26535.exe
1320	Unicorn-26535.exe
1948	Unicorn-26535.exe
1888	Unicorn-42186.exe
2964	Unicorn-22512.exe
2084	Unicorn-63047.exe
708	Unicorn-55185.exe
1712	Unicorn-43373.exe
2036	Unicorn-63047.exe
2000	Unicorn-43373.exe
2064	Unicorn-65157.exe
796	Unicorn-12427.exe
2144	Unicorn-17218.exe
3064	Unicorn-14337.exe
2676	Unicorn-57871.exe
2636	Unicorn-746.exe
2656	Unicorn-60943.exe
2768	Unicorn-30923.exe
3000	Unicorn-63787.exe
2640	Unicorn-11249.exe
2828	Unicorn-46766.exe
2880	Unicorn-46766.exe
376	Unicorn-61903.exe
2404	Unicorn-29038.exe
2888	Unicorn-16232.exe
2608	Unicorn-16232.exe
2872	Unicorn-16232.exe
1508	Unicorn-60341.exe
1608	Unicorn-60341.exe
1628	Unicorn-64747.exe
1956	Unicorn-40456.exe
2016	Unicorn-2018.exe
328	Unicorn-52096.exe
2160	Unicorn-30476.exe
1720	Unicorn-50534.exe
2356	Unicorn-50534.exe
1772	Unicorn-15209.exe
1100	Unicorn-5666.exe
1524	Unicorn-51338.exe
296	Unicorn-52838.exe
1672	Unicorn-15951.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exeUnicorn-47051.exeUnicorn-51465.exeUnicorn-2191.exeUnicorn-44164.exeUnicorn-42026.exeUnicorn-22160.exeUnicorn-28869.exe

description	pid	process	target process
PID 1704 wrote to memory of 2600	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	Unicorn-47051.exe
PID 1704 wrote to memory of 2600	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	Unicorn-47051.exe
PID 1704 wrote to memory of 2600	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	Unicorn-47051.exe
PID 1704 wrote to memory of 2600	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	Unicorn-47051.exe
PID 2600 wrote to memory of 2612	2600	Unicorn-47051.exe	Unicorn-51465.exe
PID 2600 wrote to memory of 2612	2600	Unicorn-47051.exe	Unicorn-51465.exe
PID 2600 wrote to memory of 2612	2600	Unicorn-47051.exe	Unicorn-51465.exe
PID 2600 wrote to memory of 2612	2600	Unicorn-47051.exe	Unicorn-51465.exe
PID 1704 wrote to memory of 2720	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	Unicorn-2191.exe
PID 1704 wrote to memory of 2720	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	Unicorn-2191.exe
PID 1704 wrote to memory of 2720	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	Unicorn-2191.exe
PID 1704 wrote to memory of 2720	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	Unicorn-2191.exe
PID 1704 wrote to memory of 2644	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	WerFault.exe
PID 1704 wrote to memory of 2644	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	WerFault.exe
PID 1704 wrote to memory of 2644	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	WerFault.exe
PID 1704 wrote to memory of 2644	1704	ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe	WerFault.exe
PID 2612 wrote to memory of 2700	2612	Unicorn-51465.exe	Unicorn-44164.exe
PID 2612 wrote to memory of 2700	2612	Unicorn-51465.exe	Unicorn-44164.exe
PID 2612 wrote to memory of 2700	2612	Unicorn-51465.exe	Unicorn-44164.exe
PID 2612 wrote to memory of 2700	2612	Unicorn-51465.exe	Unicorn-44164.exe
PID 2720 wrote to memory of 2112	2720	Unicorn-2191.exe	Unicorn-42026.exe
PID 2720 wrote to memory of 2112	2720	Unicorn-2191.exe	Unicorn-42026.exe
PID 2720 wrote to memory of 2112	2720	Unicorn-2191.exe	Unicorn-42026.exe
PID 2720 wrote to memory of 2112	2720	Unicorn-2191.exe	Unicorn-42026.exe
PID 2600 wrote to memory of 2688	2600	Unicorn-47051.exe	Unicorn-22160.exe
PID 2600 wrote to memory of 2688	2600	Unicorn-47051.exe	Unicorn-22160.exe
PID 2600 wrote to memory of 2688	2600	Unicorn-47051.exe	Unicorn-22160.exe
PID 2600 wrote to memory of 2688	2600	Unicorn-47051.exe	Unicorn-22160.exe
PID 2600 wrote to memory of 2788	2600	Unicorn-47051.exe	WerFault.exe
PID 2600 wrote to memory of 2788	2600	Unicorn-47051.exe	WerFault.exe
PID 2600 wrote to memory of 2788	2600	Unicorn-47051.exe	WerFault.exe
PID 2600 wrote to memory of 2788	2600	Unicorn-47051.exe	WerFault.exe
PID 2700 wrote to memory of 2776	2700	Unicorn-44164.exe	Unicorn-28869.exe
PID 2700 wrote to memory of 2776	2700	Unicorn-44164.exe	Unicorn-28869.exe
PID 2700 wrote to memory of 2776	2700	Unicorn-44164.exe	Unicorn-28869.exe
PID 2700 wrote to memory of 2776	2700	Unicorn-44164.exe	Unicorn-28869.exe
PID 2112 wrote to memory of 1424	2112	Unicorn-42026.exe	Unicorn-28869.exe
PID 2112 wrote to memory of 1424	2112	Unicorn-42026.exe	Unicorn-28869.exe
PID 2112 wrote to memory of 1424	2112	Unicorn-42026.exe	Unicorn-28869.exe
PID 2112 wrote to memory of 1424	2112	Unicorn-42026.exe	Unicorn-28869.exe
PID 2612 wrote to memory of 2856	2612	Unicorn-51465.exe	Unicorn-24270.exe
PID 2612 wrote to memory of 2856	2612	Unicorn-51465.exe	Unicorn-24270.exe
PID 2612 wrote to memory of 2856	2612	Unicorn-51465.exe	Unicorn-24270.exe
PID 2612 wrote to memory of 2856	2612	Unicorn-51465.exe	Unicorn-24270.exe
PID 2720 wrote to memory of 2728	2720	Unicorn-2191.exe	Unicorn-24270.exe
PID 2720 wrote to memory of 2728	2720	Unicorn-2191.exe	Unicorn-24270.exe
PID 2720 wrote to memory of 2728	2720	Unicorn-2191.exe	Unicorn-24270.exe
PID 2720 wrote to memory of 2728	2720	Unicorn-2191.exe	Unicorn-24270.exe
PID 2688 wrote to memory of 2984	2688	Unicorn-22160.exe	Unicorn-29061.exe
PID 2688 wrote to memory of 2984	2688	Unicorn-22160.exe	Unicorn-29061.exe
PID 2688 wrote to memory of 2984	2688	Unicorn-22160.exe	Unicorn-29061.exe
PID 2688 wrote to memory of 2984	2688	Unicorn-22160.exe	Unicorn-29061.exe
PID 2612 wrote to memory of 1052	2612	Unicorn-51465.exe	WerFault.exe
PID 2612 wrote to memory of 1052	2612	Unicorn-51465.exe	WerFault.exe
PID 2612 wrote to memory of 1052	2612	Unicorn-51465.exe	WerFault.exe
PID 2612 wrote to memory of 1052	2612	Unicorn-51465.exe	WerFault.exe
PID 2720 wrote to memory of 1816	2720	Unicorn-2191.exe	WerFault.exe
PID 2720 wrote to memory of 1816	2720	Unicorn-2191.exe	WerFault.exe
PID 2720 wrote to memory of 1816	2720	Unicorn-2191.exe	WerFault.exe
PID 2720 wrote to memory of 1816	2720	Unicorn-2191.exe	WerFault.exe
PID 1424 wrote to memory of 1540	1424	Unicorn-28869.exe	Unicorn-40582.exe
PID 1424 wrote to memory of 1540	1424	Unicorn-28869.exe	Unicorn-40582.exe
PID 1424 wrote to memory of 1540	1424	Unicorn-28869.exe	Unicorn-40582.exe
PID 1424 wrote to memory of 1540	1424	Unicorn-28869.exe	Unicorn-40582.exe

C:\Users\Admin\AppData\Local\Temp\ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe
"C:\Users\Admin\AppData\Local\Temp\ab364e6bc6b3945bc1ae6f5d98eeff7bbf74bc56d049bdfb3f7441e7ce93c866.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-42186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42186.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-28495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28495.exe
9⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
10⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-42927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42927.exe
11⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
12⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
13⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
14⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
13⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
12⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
11⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-54886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54886.exe
9⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
10⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
11⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
12⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-54465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54465.exe
13⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
13⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 236
12⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
11⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
10⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 220
9⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
8⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
10⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
11⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-64448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64448.exe
12⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
13⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
12⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
11⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
10⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
9⤵
- Program crash
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
8⤵
- Program crash
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
8⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
10⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
11⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
12⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
13⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 236
13⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
12⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
11⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
10⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
9⤵
- Program crash
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
10⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-7032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7032.exe
11⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
12⤵
PID:11488

C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
12⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 220
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
11⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
10⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
8⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
7⤵
- Program crash
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
8⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-7780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7780.exe
10⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
11⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
12⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
13⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
13⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
12⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
11⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
10⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
9⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 240
9⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
11⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
12⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
12⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
11⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
9⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
8⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
7⤵
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 220
8⤵
- Program crash
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
7⤵
- Program crash
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
6⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe
9⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
10⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
11⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
12⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
13⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
14⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 236
14⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
13⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
12⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
11⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
10⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-38871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38871.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
10⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
11⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
12⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-10121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10121.exe
13⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
13⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
11⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
10⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-44346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44346.exe
8⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
10⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
11⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 216
11⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
9⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
8⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-50937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50937.exe
8⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
10⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
11⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
12⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 236
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
11⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
10⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
9⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
7⤵
- Program crash
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
7⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
8⤵
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
10⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
11⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-54770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54770.exe
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 236
12⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
11⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 236
9⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
8⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
7⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
9⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
10⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
11⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
11⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
10⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
9⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
8⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 220
7⤵
- Program crash
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 220
6⤵
- Program crash
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
8⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
11⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
12⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
13⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
12⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
11⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 216
9⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15326.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-52013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52013.exe
10⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
11⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
12⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
11⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 236
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
9⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 220
8⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
7⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-6866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6866.exe
10⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
11⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
12⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
12⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
11⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
9⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
10⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
11⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
11⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
10⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
9⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
8⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 220
7⤵
- Program crash
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
7⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
8⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
10⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
10⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
11⤵
PID:10328

C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
12⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 236
12⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 236
11⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
9⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
8⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
7⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
8⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 220
9⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
8⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
7⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
6⤵
- Program crash
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-61743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61743.exe
7⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
10⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
11⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
12⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
11⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
10⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
9⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
8⤵
- Program crash
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
7⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
9⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
10⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
11⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 236
11⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
10⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
9⤵
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
8⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
7⤵
- Program crash
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
6⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
7⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
9⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
10⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
11⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 236
11⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
10⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
9⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
8⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
7⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe
8⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
9⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
10⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 236
10⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
9⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
8⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
7⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
6⤵
- Program crash
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
5⤵
- Program crash
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
9⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
10⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
11⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
12⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
13⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
13⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
12⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
11⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
10⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
8⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
10⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
11⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 220
11⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
10⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 216
9⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 220
8⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
7⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
8⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-57241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57241.exe
9⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
10⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
11⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
12⤵
PID:1680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 236
12⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
9⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
8⤵
- Program crash
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
7⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
8⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
9⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
10⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 220
11⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
10⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 236
9⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
8⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
7⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
8⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
9⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
10⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 236
11⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
10⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
9⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
8⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
7⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 220
6⤵
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-13419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13419.exe
7⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
7⤵
PID:496

C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
10⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
11⤵
PID:10896

C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
12⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 220
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
10⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
9⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 236
8⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 220
7⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
6⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
7⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
9⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
10⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
11⤵
PID:11440

C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
12⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 236
11⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
10⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
9⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
8⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
7⤵
- Program crash
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 220
6⤵
- Program crash
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
5⤵
- Program crash
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
7⤵
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
11⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
12⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
10⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
9⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
9⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
10⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 236
10⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 220
8⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
7⤵
- Program crash
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
6⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
7⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
9⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
10⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
11⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
11⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
10⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
8⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
7⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 220
6⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
6⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
7⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
9⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
10⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
11⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 236
11⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 236
10⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
9⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
8⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
7⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 216
6⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
5⤵
- Program crash
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-65157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65157.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-14403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14403.exe
9⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
10⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
11⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
12⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
13⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
13⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
12⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
11⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
10⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
11⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
12⤵
PID:11180

C:\Users\Admin\AppData\Local\Temp\Unicorn-16981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16981.exe
13⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 236
12⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
11⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
8⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe
10⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
11⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-60117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60117.exe
12⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
13⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
13⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
12⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
11⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 216
9⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
8⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
8⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
10⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
12⤵
PID:11248

C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
13⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
12⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
11⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
10⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
10⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
11⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
12⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
11⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
10⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
9⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
8⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
7⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-30413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30413.exe
8⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
11⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
12⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
13⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
11⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
9⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
10⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
11⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
11⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
10⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
7⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-54448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54448.exe
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
10⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
11⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
11⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
10⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
9⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
8⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 240
7⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
6⤵
- Program crash
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-17218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17218.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-50534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50534.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
8⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7784.exe
10⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
11⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
12⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
13⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
12⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
11⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-64388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64388.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-34453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34453.exe
9⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
10⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
11⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-47463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47463.exe
12⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
11⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
10⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
9⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
8⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
7⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
9⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-14501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14501.exe
10⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
11⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 236
11⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 236
10⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
9⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
8⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
7⤵
- Program crash
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
7⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
10⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
11⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
12⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11168 -s 216
12⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
8⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
7⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35587.exe
9⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
10⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
11⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
10⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
9⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
8⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 220
7⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
6⤵
- Program crash
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
5⤵
- Program crash
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-50534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50534.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
8⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
10⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
11⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
12⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
13⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
13⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
12⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
11⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-25172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25172.exe
10⤵
PID:7364

C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
11⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 216
12⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
11⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
10⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
8⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
7⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
8⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
9⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-29204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29204.exe
10⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
11⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
12⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 216
12⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 236
11⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
10⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
8⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
7⤵
- Program crash
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
7⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
9⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56161.exe
10⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
11⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
12⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 236
11⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
7⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-12268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12268.exe
8⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
9⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-7729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7729.exe
10⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
11⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
10⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 236
9⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
8⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
7⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
6⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
7⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
10⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-59368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59368.exe
11⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
12⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 216
12⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
11⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
10⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
9⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
8⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
7⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-38183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38183.exe
8⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-45764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45764.exe
9⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
10⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
11⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 236
10⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
9⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
8⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
7⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
6⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
9⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
10⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
11⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
10⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
9⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
8⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
7⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
6⤵
- Program crash
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
5⤵
- Program crash
PID:2336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-41350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41350.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
7⤵
- Executes dropped EXE
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
8⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
9⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
10⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17211.exe
11⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
12⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
11⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
10⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
9⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
7⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
10⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
11⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
11⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 236
10⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 216
8⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
7⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
6⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
7⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
9⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
10⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
11⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
11⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
10⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
8⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
7⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
6⤵
- Program crash
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-11249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11249.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
6⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-63350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63350.exe
7⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
9⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
10⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
11⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
10⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
9⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
8⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
7⤵
- Program crash
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
6⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
7⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-28801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28801.exe
8⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
9⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
10⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 236
10⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
9⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 236
8⤵
PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
7⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 220
6⤵
- Program crash
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
5⤵
- Program crash
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-9387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9387.exe
6⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
7⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
8⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
10⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
11⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
11⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
10⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
8⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
8⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
9⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
10⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
10⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
9⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
8⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
7⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
6⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe
8⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
9⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21355.exe
10⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
10⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
9⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
8⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
7⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
6⤵
- Program crash
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
5⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
6⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
7⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
8⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
9⤵
PID:9640

C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
10⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 236
10⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
9⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
8⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
7⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
6⤵
- Program crash
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
5⤵
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
4⤵
- Program crash
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
2⤵
- Program crash
PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe

Filesize
184KB

MD5
f25421d203fb7bc8c96eef5b0c6699a4

SHA1
74e77678b35d9e11c9f558cef23d8bce9fe60efb

SHA256
ef16c16f29d87431a3eb60b93e377edc39994c04a993f09512348d6099b8d502

SHA512
51f9fa258e0749b0d33a012ced0882c5370ab1e3644ce0f3213afe2b9b0288e857e2cf62edd0f095199b4c7154a7868395930aadf4c9c43df2a8ef6a258fb7e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe

Filesize
184KB

MD5
251aad81bbcdf35d22933b22c6776ca2

SHA1
278b3a00f0f889a390d10588459326d5ff3a4529

SHA256
2180ebced3057ad93305b9da497f09fe064b657a855bb2c8a311e37f6beb9211

SHA512
3d2016631da0e362e4ae3d0932283b992fe02abb9742a9a770d293bfbbb01102aaf24cdf9493275cda3eedd46962eaa5202d3455dc961ea65d977b35ca0d0760

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe

Filesize
184KB

MD5
4e8c2bcee253f305c765e699837e8944

SHA1
3b5f09744911277b8ca837d26e6c4b90cc13477c

SHA256
8fda8f89f845876715d1e20c0b42db606bc501b6dca99419518f661d63ec8e7d

SHA512
3feae2abf068af1f4ea8c058fe6c1b482052cdb5efaba59701ea1b4eb7fdb8f1451579c68c967f4ab22a91bdbc98dcdba6161d3a30289bed06aea0fbd182f015

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe

Filesize
184KB

MD5
688fe3747e65e1efe9feb7d46de287ee

SHA1
3ae07a3821cf374a1f8f9ca1f9f20ea40ac5d941

SHA256
46041ef2e23fc693a296d95018e6d7962824b672a1872213032cdc6b617fcf29

SHA512
296c594f7dd5092ec6caab1ce5622537527b9cfcc3de09c4f0d7ec5d50b5497add515a1df2fcd51d40d27ba9785e64e21ceb3b9d43f49eb6341400d2b8a17446

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe

Filesize
184KB

MD5
7bafc81794323e1d3ee6ea382bcdac19

SHA1
dfbbfe696630e4f51d02613e982447fb0e93fa83

SHA256
9e25bd1e3be21204ff7ac64e55a851f171163f0b38f8608be9d532af17991f36

SHA512
33227c7fde3708c47cd7dca0c054fb2cd355857992b84edd7f0ab808aa68cf83410662caddc8564c6178ba650c8e67f0edd2320105f295966ca70b2f6119efdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe

Filesize
184KB

MD5
261185649dee6fdd4a26b493a0f13098

SHA1
11fe5558e3e92c7e5cfe64b9ea311da251907351

SHA256
c4a65eb6441464fbd83c729f57ceb1ee7e83139dbdb6b51c0ca3d9ed2d4fad77

SHA512
b05e73368ee2904312ef7034315241e0d00a88b6dee137ddf7fd6c3224f507f48aec4e7222ad0e130d1f30f0fe68d4e454845e8d74a0f33fa4f04c5194fc52b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe

Filesize
184KB

MD5
b6d4f6da1b4455f022191a707f6909a4

SHA1
aa90ae407ad1075c30d548e3d4ef02576bd1e7b3

SHA256
f17071f33a262d60a423c91e660cc556a17d4b2b1828e7a7b77a0b771eb30050

SHA512
6ccc52e3a5960bba6c77468a75ab1d3e1a0cea6a0c57c596af3dd513fec2d99768c92651da6f7a9f6f962101de4c628b88ad2b0a936b7d9af06813d27f6e3513

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe

Filesize
184KB

MD5
90aa3ee1bbc56ce2898060572e0bea6f

SHA1
feafb3b9a6897d9e526e4a08221cd71ec7585491

SHA256
8c85a624200714462247a99cca5b0ec0bb7539ca2658ddd88e1fbfb9a17d4ae2

SHA512
c7ab8b39bf2544ad380bbef36f04c0d29e951895a7048b90434f1e07e9c911c87303c507419f7dc51944275945b9a9b57e0ef719a78abec604851056f53b92f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe

Filesize
184KB

MD5
325bbeaaaf34a9382e2c433350a675b6

SHA1
b650a368ab9f9d4f920a21bfd726ea8ef0ef5f3e

SHA256
7d25e821d4a08b263dc800efef9fd31ddb72da5c1405d4e748db50aa58ceb0a0

SHA512
f0f44713e043cc12af80e036f303f3b1199afefc805c36950c1ec98b2c718b37f926295cf6b11c36e03a993fb0c0b24f4276288bdf4fec29a2e1f119f72edfab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe

Filesize
184KB

MD5
6edfa963b7cef2123ebec8ce483ddee0

SHA1
278dd5e3aeae630a3da0818d5a42f9cacd5ea012

SHA256
8d269a02df2dcf12a26b592ab4e26f4b523cb4c9f7231e162b54fd0d417d414f

SHA512
7a6ab892094a1d67e9d2faf3c757dc57709747cbf76c4ba89c50dba8bbe6e6177d2373d8c3b716ba4e48e97b9b38bb3420a7a5fd32d8b0a05c3d4169ca54a85c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe

Filesize
184KB

MD5
d448de0d7f55e0d9618ee005918d0f47

SHA1
6c21d26613387f0119dee13f99ee1db410540813

SHA256
a080627aa467eb4cbc3bde59f907cc4509bc7da2d38a91868ad5a9e18a67aa08

SHA512
7a581a52c70e30efacbd84763985b6d09006ef2a880938e9ce0c57f361c6ee566b230872b17abc71052879d9c3f48fce954df976512f29e90694999024fb685b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe

Filesize
184KB

MD5
9ee3f2fe1e8f7a376aaf1ad6b2c92559

SHA1
3f8f06483f29c2416fdb5b06b853d10ffa389c08

SHA256
9349fae46196dcfa6d4d5953c271e2e1ef3cc6cf6218f5ef93622b73f8a49bb2

SHA512
ccd0017ad1f8f8a4d9233bae190e5bcd08189f5aed10d029a0f7223dbfd99305e831bb171ed444f78ea6d57fe3d57a20afa935b42c87ffe9867af7e4993c3b2d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe

Filesize
184KB

MD5
cf4ba06bdb05ec400fc56f4c12ee81f7

SHA1
5853940f77868b0033f0b50e747cbb277adb9c8c

SHA256
7fbcfaff7717a9a0fd1f8c54439ec12ba47ae08da88ce845d846d93428f25713

SHA512
41dc674813587e2af9ebec4e9749c87267d7f866d99ef6cc913f944d52286af0b29c3149188d635405fdddb559486915fefaa3c3c9c21bcfd678ded9cfcd7481

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe

Filesize
184KB

MD5
490dc8871757e2a3e98bcb6a6c63db0b

SHA1
139a274dfd53e310d4b12e9c52fde3cc8494d42b

SHA256
ceb239162dbb9290aef632dafb6f34ce8f18b830310cba813dd32b691325bc49

SHA512
935a497353729d68b6520622ccc279614e912f3a6bc9c0377db1bc3b1ca0afacecfa568c9e519533cad3dd348ec51537bd3e82d5b803357d8059afed87693a71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe

Filesize
184KB

MD5
7ec7e762dc0e699a4fe051e502ac5f04

SHA1
3ab9cbdc6b5624b4274f578a5fc8f854e326dde7

SHA256
92b18945b3354e1433729036e8372b15c448ccd0d0b1763a85d8ac96f07f8d10

SHA512
0bd52aa4cd40c71b2ab9bee2c6a02e0f9b0fe5151fc891abd87cab8ba4959fec265b5d43ba270a0a1920c9842f16377b31de085cd03cddeec0ff26d7f7f76bd7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe

Filesize
184KB

MD5
9e394899b42c2c7de3dbdbc7b056e204

SHA1
61a44f65e21631858eadfaf4bb40aaa9998a5f6b

SHA256
824c9cad4b48f038dafa9790514f6a1242e25b1301426d4f70cfe8349b876bba

SHA512
d714b654a7d47e7b15d8fa2714f65d95983410af13f5b9dd2ebe4d59ad29ac8e9ed2ab7568c66af6818deb43e1f7d7d13d48be4a3b8fe6d09a4f2fccae519b41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe

Filesize
184KB

MD5
92d4f208e48a0539afa879953c55113c

SHA1
b33c603c561fba8e3008a43f4e74f364cad9358f

SHA256
4612521515e228e573b83f65de0f8d87f5dbb742feea032a9372a965a151aa1c

SHA512
bd7418547e6d174b79857b5fcca4bbd265697c35086e74b6fb562b2ac28e3a006e0e0ea52383d99778292f909bf63781f17456332ea3d8c7681ec3c419818d6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe

Filesize
184KB

MD5
c37ffcbcf45fb51fb870a64980238f98

SHA1
08507406eb15d9a875131f0b666174b3ea1776f4

SHA256
eee7ff96b9f0ff4a70f3cad778d14e64c5b51b6f2b2f98c47dbda0094bdaf389

SHA512
40815974202619424597fb91b6c5b0eba16411db110d8ed030547c815e64611b1f8b7ebd37b8f899b87ad84df9dc80794a21b4ddca01c52e6d5202970e5a4432

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe

Filesize
184KB

MD5
76299b31e9a4b0a6e14f97f62b7cf479

SHA1
0d340928384d3c64c6d18632649fbaade3bed38f

SHA256
3875e95546cf80106a697ece22485d9589dff65efd874e624fc8dd5a47a11531

SHA512
c4457c84dfeb04fb5faaeb3bc0daa7997dc3169c3b6777ecc0f59570863d959782b026ddbbe84e41c120e04ed1431f3c88bc91c95d6b8dbb3e7e52979fcfa48d

Download Submit