7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe
Size

184KB
MD5

293d4c7e3b3797da26025312fa4be8b7
SHA1

f2452837d4d1cd6ae5586c8340ee77748c7ede7c
SHA256

7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017
SHA512

0952ff0a0fa3cd4f69e89aa8a2060aaba8b5f961abbc80b7332e0ee8d51636333cac097b57979edb71562f79ab7f5224813fef7cf1f3d8c05f91acfdb92b844a
SSDEEP

3072:xZgWQ8ofuUhTdFaWe8jLRtsLhlnViFFn3:xZJoDJFakLbsLhlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-17662.exeUnicorn-21829.exeUnicorn-28605.exeUnicorn-26873.exeUnicorn-49986.exeUnicorn-230.exeUnicorn-53562.exeUnicorn-18752.exeUnicorn-41864.exeUnicorn-35280.exeUnicorn-50225.exeUnicorn-31279.exeUnicorn-23665.exeUnicorn-39447.exeUnicorn-43531.exeUnicorn-54392.exeUnicorn-32409.exeUnicorn-52275.exeUnicorn-20733.exeUnicorn-33561.exeUnicorn-53427.exeUnicorn-12394.exeUnicorn-55565.exeUnicorn-51481.exeUnicorn-9057.exeUnicorn-28923.exeUnicorn-24839.exeUnicorn-4973.exeUnicorn-39783.exeUnicorn-41258.exeUnicorn-45342.exeUnicorn-2918.exeUnicorn-22784.exeUnicorn-61678.exeUnicorn-54257.exeUnicorn-27614.exeUnicorn-47480.exeUnicorn-62425.exeUnicorn-51564.exeUnicorn-33090.exeUnicorn-47843.exeUnicorn-45150.exeUnicorn-22592.exeUnicorn-18508.exeUnicorn-64179.exeUnicorn-18508.exeUnicorn-10894.exeUnicorn-13307.exeUnicorn-33173.exeUnicorn-45425.exeUnicorn-38003.exeUnicorn-57869.exeUnicorn-31227.exeUnicorn-46172.exeUnicorn-4584.exeUnicorn-55539.exeUnicorn-31589.exeUnicorn-28897.exeUnicorn-6338.exeUnicorn-29451.exeUnicorn-26951.exeUnicorn-35119.exeUnicorn-50064.exeUnicorn-47371.exe

pid	process
2368	Unicorn-17662.exe
2932	Unicorn-21829.exe
2764	Unicorn-28605.exe
2596	Unicorn-26873.exe
1844	Unicorn-49986.exe
2512	Unicorn-230.exe
2824	Unicorn-53562.exe
3040	Unicorn-18752.exe
2876	Unicorn-41864.exe
2712	Unicorn-35280.exe
1876	Unicorn-50225.exe
768	Unicorn-31279.exe
340	Unicorn-23665.exe
372	Unicorn-39447.exe
2084	Unicorn-43531.exe
3000	Unicorn-54392.exe
2096	Unicorn-32409.exe
2020	Unicorn-52275.exe
1136	Unicorn-20733.exe
2348	Unicorn-33561.exe
1768	Unicorn-53427.exe
1088	Unicorn-12394.exe
1736	Unicorn-55565.exe
1712	Unicorn-51481.exe
1312	Unicorn-9057.exe
1936	Unicorn-28923.exe
2144	Unicorn-24839.exe
2980	Unicorn-4973.exe
2400	Unicorn-39783.exe
2996	Unicorn-41258.exe
2660	Unicorn-45342.exe
2592	Unicorn-2918.exe
1264	Unicorn-22784.exe
2708	Unicorn-61678.exe
2704	Unicorn-54257.exe
2688	Unicorn-27614.exe
2480	Unicorn-47480.exe
1048	Unicorn-62425.exe
1888	Unicorn-51564.exe
2888	Unicorn-33090.exe
2924	Unicorn-47843.exe
2720	Unicorn-45150.exe
1304	Unicorn-22592.exe
1612	Unicorn-18508.exe
1988	Unicorn-64179.exe
2540	Unicorn-18508.exe
2800	Unicorn-10894.exe
2560	Unicorn-13307.exe
2316	Unicorn-33173.exe
1464	Unicorn-45425.exe
1408	Unicorn-38003.exe
2204	Unicorn-57869.exe
1880	Unicorn-31227.exe
2192	Unicorn-46172.exe
1316	Unicorn-4584.exe
1636	Unicorn-55539.exe
892	Unicorn-31589.exe
2200	Unicorn-28897.exe
2224	Unicorn-6338.exe
2324	Unicorn-29451.exe
2292	Unicorn-26951.exe
1488	Unicorn-35119.exe
2724	Unicorn-50064.exe
2484	Unicorn-47371.exe

Loads dropped DLL 64 IoCs

Processes:

7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exeUnicorn-17662.exeUnicorn-21829.exeUnicorn-28605.exeWerFault.exeUnicorn-26873.exeUnicorn-49986.exeUnicorn-230.exeWerFault.exeWerFault.exeUnicorn-35280.exeUnicorn-53562.exeUnicorn-41864.exeUnicorn-18752.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe
2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe
2368	Unicorn-17662.exe
2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe
2368	Unicorn-17662.exe
2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe
2932	Unicorn-21829.exe
2932	Unicorn-21829.exe
2368	Unicorn-17662.exe
2368	Unicorn-17662.exe
2764	Unicorn-28605.exe
2764	Unicorn-28605.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2596	Unicorn-26873.exe
2596	Unicorn-26873.exe
1844	Unicorn-49986.exe
1844	Unicorn-49986.exe
2932	Unicorn-21829.exe
2932	Unicorn-21829.exe
2512	Unicorn-230.exe
2512	Unicorn-230.exe
2764	Unicorn-28605.exe
2764	Unicorn-28605.exe
1704	WerFault.exe
1704	WerFault.exe
1704	WerFault.exe
1704	WerFault.exe
2728	WerFault.exe
1704	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
2712	Unicorn-35280.exe
2712	Unicorn-35280.exe
2512	Unicorn-230.exe
2512	Unicorn-230.exe
2824	Unicorn-53562.exe
2824	Unicorn-53562.exe
2876	Unicorn-41864.exe
2876	Unicorn-41864.exe
1844	Unicorn-49986.exe
1844	Unicorn-49986.exe
3040	Unicorn-18752.exe
2596	Unicorn-26873.exe
3040	Unicorn-18752.exe
2596	Unicorn-26873.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
900	WerFault.exe
900	WerFault.exe
900	WerFault.exe
900	WerFault.exe
900	WerFault.exe
1728	WerFault.exe
1728	WerFault.exe
1728	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2700	2036	WerFault.exe	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe
2584	2368	WerFault.exe	Unicorn-17662.exe
1704	2932	WerFault.exe	Unicorn-21829.exe
2728	2764	WerFault.exe	Unicorn-28605.exe
1928	2596	WerFault.exe	Unicorn-26873.exe
900	1844	WerFault.exe	Unicorn-49986.exe
1728	2512	WerFault.exe	Unicorn-230.exe
2300	2712	WerFault.exe	Unicorn-35280.exe
1520	1876	WerFault.exe	Unicorn-50225.exe
2164	2876	WerFault.exe	Unicorn-41864.exe
1432	2824	WerFault.exe	Unicorn-53562.exe
2132	3040	WerFault.exe	Unicorn-18752.exe
2040	768	WerFault.exe	Unicorn-31279.exe
1604	340	WerFault.exe	Unicorn-23665.exe
1752	2096	WerFault.exe	Unicorn-32409.exe
620	2020	WerFault.exe	Unicorn-52275.exe
2320	3000	WerFault.exe	Unicorn-54392.exe
1504	2084	WerFault.exe	Unicorn-43531.exe
1096	372	WerFault.exe	Unicorn-39447.exe
2968	856	WerFault.exe	Unicorn-64283.exe
2412	1136	WerFault.exe	Unicorn-20733.exe
1532	2348	WerFault.exe	Unicorn-33561.exe
2984	1768	WerFault.exe	Unicorn-53427.exe
2024	1088	WerFault.exe	Unicorn-12394.exe
2176	1736	WerFault.exe	Unicorn-55565.exe
2160	1312	WerFault.exe	Unicorn-9057.exe
2604	1712	WerFault.exe	Unicorn-51481.exe
2948	2400	WerFault.exe	Unicorn-39783.exe
2744	1936	WerFault.exe	Unicorn-28923.exe
2624	2144	WerFault.exe	Unicorn-24839.exe
2488	2980	WerFault.exe	Unicorn-4973.exe
836	2204	WerFault.exe	Unicorn-57869.exe
2828	1636	WerFault.exe	Unicorn-55539.exe
2836	560	WerFault.exe	Unicorn-65207.exe
2052	2996	WerFault.exe	Unicorn-41258.exe
2088	2660	WerFault.exe	Unicorn-45342.exe
3176	2708	WerFault.exe	Unicorn-61678.exe
3192	2480	WerFault.exe	Unicorn-47480.exe
3252	2704	WerFault.exe	Unicorn-54257.exe
3276	1304	WerFault.exe	Unicorn-22592.exe
3284	2720	WerFault.exe	Unicorn-45150.exe
3416	1048	WerFault.exe	Unicorn-62425.exe
3444	2888	WerFault.exe	Unicorn-33090.exe
3548	2800	WerFault.exe	Unicorn-10894.exe
3616	1264	WerFault.exe	Unicorn-22784.exe
3712	2540	WerFault.exe	Unicorn-18508.exe
3740	2688	WerFault.exe	Unicorn-27614.exe
3748	2924	WerFault.exe	Unicorn-47843.exe
3772	1988	WerFault.exe	Unicorn-64179.exe
3788	1888	WerFault.exe	Unicorn-51564.exe
3908	2316	WerFault.exe	Unicorn-33173.exe
4084	2560	WerFault.exe	Unicorn-13307.exe
3384	600	WerFault.exe	Unicorn-2877.exe
3604	1408	WerFault.exe	Unicorn-38003.exe
3892	1464	WerFault.exe	Unicorn-45425.exe
4060	2676	WerFault.exe	Unicorn-34158.exe
4068	2224	WerFault.exe	Unicorn-6338.exe
3324	2292	WerFault.exe	Unicorn-26951.exe
3452	2484	WerFault.exe	Unicorn-47371.exe
3484	2724	WerFault.exe	Unicorn-50064.exe
4028	2656	WerFault.exe	Unicorn-21305.exe
4044	2916	WerFault.exe	Unicorn-32165.exe
3144	920	WerFault.exe	Unicorn-5523.exe
3224	1488	WerFault.exe	Unicorn-35119.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exeUnicorn-17662.exeUnicorn-21829.exeUnicorn-28605.exeUnicorn-26873.exeUnicorn-49986.exeUnicorn-230.exeUnicorn-53562.exeUnicorn-18752.exeUnicorn-41864.exeUnicorn-35280.exeUnicorn-50225.exeUnicorn-31279.exeUnicorn-23665.exeUnicorn-52275.exeUnicorn-43531.exeUnicorn-39447.exeUnicorn-32409.exeUnicorn-54392.exeUnicorn-20733.exeUnicorn-33561.exeUnicorn-53427.exeUnicorn-12394.exeUnicorn-55565.exeUnicorn-51481.exeUnicorn-9057.exeUnicorn-28923.exeUnicorn-24839.exeUnicorn-39783.exeUnicorn-4973.exeUnicorn-41258.exeUnicorn-45342.exeUnicorn-2918.exeUnicorn-22784.exeUnicorn-61678.exeUnicorn-54257.exeUnicorn-47480.exeUnicorn-27614.exeUnicorn-62425.exeUnicorn-51564.exeUnicorn-33090.exeUnicorn-47843.exeUnicorn-45150.exeUnicorn-22592.exeUnicorn-64179.exeUnicorn-18508.exeUnicorn-10894.exeUnicorn-18508.exeUnicorn-13307.exeUnicorn-33173.exeUnicorn-45425.exeUnicorn-38003.exeUnicorn-57869.exeUnicorn-46172.exeUnicorn-31227.exeUnicorn-4584.exeUnicorn-55539.exeUnicorn-31589.exeUnicorn-28897.exeUnicorn-6338.exeUnicorn-29451.exeUnicorn-26951.exeUnicorn-50064.exeUnicorn-35119.exe

pid	process
2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe
2368	Unicorn-17662.exe
2932	Unicorn-21829.exe
2764	Unicorn-28605.exe
2596	Unicorn-26873.exe
1844	Unicorn-49986.exe
2512	Unicorn-230.exe
2824	Unicorn-53562.exe
3040	Unicorn-18752.exe
2876	Unicorn-41864.exe
2712	Unicorn-35280.exe
1876	Unicorn-50225.exe
768	Unicorn-31279.exe
340	Unicorn-23665.exe
2020	Unicorn-52275.exe
2084	Unicorn-43531.exe
372	Unicorn-39447.exe
2096	Unicorn-32409.exe
3000	Unicorn-54392.exe
1136	Unicorn-20733.exe
2348	Unicorn-33561.exe
1768	Unicorn-53427.exe
1088	Unicorn-12394.exe
1736	Unicorn-55565.exe
1712	Unicorn-51481.exe
1312	Unicorn-9057.exe
1936	Unicorn-28923.exe
2144	Unicorn-24839.exe
2400	Unicorn-39783.exe
2980	Unicorn-4973.exe
2996	Unicorn-41258.exe
2660	Unicorn-45342.exe
2592	Unicorn-2918.exe
1264	Unicorn-22784.exe
2708	Unicorn-61678.exe
2704	Unicorn-54257.exe
2480	Unicorn-47480.exe
2688	Unicorn-27614.exe
1048	Unicorn-62425.exe
1888	Unicorn-51564.exe
2888	Unicorn-33090.exe
2924	Unicorn-47843.exe
2720	Unicorn-45150.exe
1304	Unicorn-22592.exe
1988	Unicorn-64179.exe
1612	Unicorn-18508.exe
2800	Unicorn-10894.exe
2540	Unicorn-18508.exe
2560	Unicorn-13307.exe
2316	Unicorn-33173.exe
1464	Unicorn-45425.exe
1408	Unicorn-38003.exe
2204	Unicorn-57869.exe
2192	Unicorn-46172.exe
1880	Unicorn-31227.exe
1316	Unicorn-4584.exe
1636	Unicorn-55539.exe
892	Unicorn-31589.exe
2200	Unicorn-28897.exe
2224	Unicorn-6338.exe
2324	Unicorn-29451.exe
2292	Unicorn-26951.exe
2724	Unicorn-50064.exe
1488	Unicorn-35119.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exeUnicorn-17662.exeUnicorn-21829.exeUnicorn-28605.exeUnicorn-26873.exeUnicorn-49986.exeUnicorn-230.exeUnicorn-35280.exe

description	pid	process	target process
PID 2036 wrote to memory of 2368	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	Unicorn-17662.exe
PID 2036 wrote to memory of 2368	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	Unicorn-17662.exe
PID 2036 wrote to memory of 2368	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	Unicorn-17662.exe
PID 2036 wrote to memory of 2368	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	Unicorn-17662.exe
PID 2368 wrote to memory of 2932	2368	Unicorn-17662.exe	Unicorn-21829.exe
PID 2368 wrote to memory of 2932	2368	Unicorn-17662.exe	Unicorn-21829.exe
PID 2368 wrote to memory of 2932	2368	Unicorn-17662.exe	Unicorn-21829.exe
PID 2368 wrote to memory of 2932	2368	Unicorn-17662.exe	Unicorn-21829.exe
PID 2036 wrote to memory of 2764	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	Unicorn-28605.exe
PID 2036 wrote to memory of 2764	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	Unicorn-28605.exe
PID 2036 wrote to memory of 2764	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	Unicorn-28605.exe
PID 2036 wrote to memory of 2764	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	Unicorn-28605.exe
PID 2036 wrote to memory of 2700	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	WerFault.exe
PID 2036 wrote to memory of 2700	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	WerFault.exe
PID 2036 wrote to memory of 2700	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	WerFault.exe
PID 2036 wrote to memory of 2700	2036	7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe	WerFault.exe
PID 2932 wrote to memory of 2596	2932	Unicorn-21829.exe	Unicorn-26873.exe
PID 2932 wrote to memory of 2596	2932	Unicorn-21829.exe	Unicorn-26873.exe
PID 2932 wrote to memory of 2596	2932	Unicorn-21829.exe	Unicorn-26873.exe
PID 2932 wrote to memory of 2596	2932	Unicorn-21829.exe	Unicorn-26873.exe
PID 2368 wrote to memory of 1844	2368	Unicorn-17662.exe	Unicorn-49986.exe
PID 2368 wrote to memory of 1844	2368	Unicorn-17662.exe	Unicorn-49986.exe
PID 2368 wrote to memory of 1844	2368	Unicorn-17662.exe	Unicorn-49986.exe
PID 2368 wrote to memory of 1844	2368	Unicorn-17662.exe	Unicorn-49986.exe
PID 2764 wrote to memory of 2512	2764	Unicorn-28605.exe	Unicorn-230.exe
PID 2764 wrote to memory of 2512	2764	Unicorn-28605.exe	Unicorn-230.exe
PID 2764 wrote to memory of 2512	2764	Unicorn-28605.exe	Unicorn-230.exe
PID 2764 wrote to memory of 2512	2764	Unicorn-28605.exe	Unicorn-230.exe
PID 2368 wrote to memory of 2584	2368	Unicorn-17662.exe	WerFault.exe
PID 2368 wrote to memory of 2584	2368	Unicorn-17662.exe	WerFault.exe
PID 2368 wrote to memory of 2584	2368	Unicorn-17662.exe	WerFault.exe
PID 2368 wrote to memory of 2584	2368	Unicorn-17662.exe	WerFault.exe
PID 2596 wrote to memory of 3040	2596	Unicorn-26873.exe	Unicorn-18752.exe
PID 2596 wrote to memory of 3040	2596	Unicorn-26873.exe	Unicorn-18752.exe
PID 2596 wrote to memory of 3040	2596	Unicorn-26873.exe	Unicorn-18752.exe
PID 2596 wrote to memory of 3040	2596	Unicorn-26873.exe	Unicorn-18752.exe
PID 1844 wrote to memory of 2824	1844	Unicorn-49986.exe	Unicorn-53562.exe
PID 1844 wrote to memory of 2824	1844	Unicorn-49986.exe	Unicorn-53562.exe
PID 1844 wrote to memory of 2824	1844	Unicorn-49986.exe	Unicorn-53562.exe
PID 1844 wrote to memory of 2824	1844	Unicorn-49986.exe	Unicorn-53562.exe
PID 2932 wrote to memory of 2876	2932	Unicorn-21829.exe	Unicorn-41864.exe
PID 2932 wrote to memory of 2876	2932	Unicorn-21829.exe	Unicorn-41864.exe
PID 2932 wrote to memory of 2876	2932	Unicorn-21829.exe	Unicorn-41864.exe
PID 2932 wrote to memory of 2876	2932	Unicorn-21829.exe	Unicorn-41864.exe
PID 2512 wrote to memory of 2712	2512	Unicorn-230.exe	Unicorn-35280.exe
PID 2512 wrote to memory of 2712	2512	Unicorn-230.exe	Unicorn-35280.exe
PID 2512 wrote to memory of 2712	2512	Unicorn-230.exe	Unicorn-35280.exe
PID 2512 wrote to memory of 2712	2512	Unicorn-230.exe	Unicorn-35280.exe
PID 2764 wrote to memory of 1876	2764	Unicorn-28605.exe	Unicorn-50225.exe
PID 2764 wrote to memory of 1876	2764	Unicorn-28605.exe	Unicorn-50225.exe
PID 2764 wrote to memory of 1876	2764	Unicorn-28605.exe	Unicorn-50225.exe
PID 2764 wrote to memory of 1876	2764	Unicorn-28605.exe	Unicorn-50225.exe
PID 2932 wrote to memory of 1704	2932	Unicorn-21829.exe	WerFault.exe
PID 2932 wrote to memory of 1704	2932	Unicorn-21829.exe	WerFault.exe
PID 2932 wrote to memory of 1704	2932	Unicorn-21829.exe	WerFault.exe
PID 2932 wrote to memory of 1704	2932	Unicorn-21829.exe	WerFault.exe
PID 2764 wrote to memory of 2728	2764	Unicorn-28605.exe	WerFault.exe
PID 2764 wrote to memory of 2728	2764	Unicorn-28605.exe	WerFault.exe
PID 2764 wrote to memory of 2728	2764	Unicorn-28605.exe	WerFault.exe
PID 2764 wrote to memory of 2728	2764	Unicorn-28605.exe	WerFault.exe
PID 2712 wrote to memory of 768	2712	Unicorn-35280.exe	Unicorn-31279.exe
PID 2712 wrote to memory of 768	2712	Unicorn-35280.exe	Unicorn-31279.exe
PID 2712 wrote to memory of 768	2712	Unicorn-35280.exe	Unicorn-31279.exe
PID 2712 wrote to memory of 768	2712	Unicorn-35280.exe	Unicorn-31279.exe

C:\Users\Admin\AppData\Local\Temp\7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe
"C:\Users\Admin\AppData\Local\Temp\7892b3c5fae33f97d955e93a59a6d565d6681518771aa53e3f821c9595934017.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-33090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33090.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27718.exe
10⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
11⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
12⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
13⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
14⤵
PID:11504

C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
15⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
14⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 236
13⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
12⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
11⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
10⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
9⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
10⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
11⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-48321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48321.exe
12⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
13⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
14⤵
PID:12156

C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
15⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
14⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
13⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
12⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
11⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
10⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
9⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
9⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
10⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
10⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
9⤵
- Program crash
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
8⤵
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-47371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47371.exe
8⤵
- Executes dropped EXE
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
9⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
10⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
11⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
12⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-16716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16716.exe
13⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
14⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
14⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 236
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
12⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
11⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
10⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
9⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
8⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
10⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
12⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
13⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
13⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
12⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
11⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
10⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
9⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
8⤵
- Program crash
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
7⤵
- Program crash
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-51564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51564.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-12560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12560.exe
8⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-17652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17652.exe
9⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
10⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
11⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
12⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
13⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
14⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 236
14⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
13⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
12⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
11⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
10⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
11⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe
12⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
13⤵
PID:11632

C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
14⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
13⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
12⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
11⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
10⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 220
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
8⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
11⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
12⤵
PID:10300

C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
13⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10300 -s 236
13⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
12⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
11⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
9⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
8⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
7⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
8⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
10⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 188
11⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
10⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
9⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
8⤵
- Program crash
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
7⤵
- Program crash
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
6⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-55565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55565.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
9⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
10⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
11⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
12⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
13⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
14⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
15⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
13⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
12⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
11⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
10⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
9⤵
- Program crash
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
8⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
8⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe
9⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
10⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
11⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
12⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
13⤵
PID:11956

C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
14⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
13⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
12⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
11⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 216
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
8⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
9⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
11⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
12⤵
PID:11724

C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
13⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 236
12⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
10⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 220
8⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
7⤵
- Program crash
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-62425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62425.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
8⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
9⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-57833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57833.exe
11⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-38402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38402.exe
12⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
13⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 216
13⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
12⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 236
11⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
10⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
9⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
10⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
11⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
12⤵
PID:12168

C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
13⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
12⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
11⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
10⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 220
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
7⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
10⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
11⤵
PID:9720

C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
12⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-64946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64946.exe
13⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
11⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
8⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
7⤵
- Program crash
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
6⤵
- Program crash
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-41864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41864.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
8⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
10⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
11⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
12⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
13⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
14⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 236
14⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
13⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
12⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
11⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
10⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
9⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
10⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
11⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
12⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
13⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
13⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
12⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
11⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 236
10⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
9⤵
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
8⤵
- Program crash
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
7⤵
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
8⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
11⤵
PID:7192

C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
12⤵
PID:9080

C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
13⤵
PID:11732

C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
14⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
13⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 216
12⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
11⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
9⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 236
8⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
7⤵
- Program crash
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
7⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
8⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
10⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 200
11⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
10⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
11⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
12⤵
PID:11820

C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
13⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
11⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
10⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
9⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
8⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
7⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-2358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2358.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
9⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
10⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
11⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
12⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
12⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
11⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
10⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
8⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
7⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 220
6⤵
- Program crash
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
7⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
10⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-34790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34790.exe
11⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-7535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7535.exe
12⤵
PID:11464

C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
13⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
12⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 236
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 236
10⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
8⤵
- Program crash
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
7⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
9⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
10⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
11⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-23971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23971.exe
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
12⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
11⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
10⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
9⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 216
8⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
7⤵
- Program crash
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
6⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
9⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
10⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
11⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62351.exe
12⤵
PID:11792

C:\Users\Admin\AppData\Local\Temp\Unicorn-46088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46088.exe
13⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
12⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 236
10⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
9⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
8⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
7⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
8⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
9⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
10⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
11⤵
PID:11580

C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
12⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 236
10⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
9⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
8⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 220
6⤵
- Program crash
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 220
5⤵
- Program crash
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-24839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24839.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
8⤵
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 188
9⤵
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-40333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40333.exe
7⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
8⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
9⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
10⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
11⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
12⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
13⤵
PID:11708

C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
14⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
13⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 236
12⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
11⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
10⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 216
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
10⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
11⤵
PID:9324

C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
12⤵
PID:12236

C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
13⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 216
12⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
11⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 236
10⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
8⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
7⤵
- Program crash
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
7⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
8⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
11⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
12⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 220
13⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
12⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
10⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
9⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
10⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
11⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-29679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29679.exe
12⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-64946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64946.exe
13⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
11⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
10⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
9⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
8⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
7⤵
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
10⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
11⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
12⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
11⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 236
10⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
8⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
7⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 240
6⤵
- Program crash
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
7⤵
- Program crash
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
6⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
9⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
10⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
11⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
12⤵
PID:12088

C:\Users\Admin\AppData\Local\Temp\Unicorn-23255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23255.exe
13⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 236
12⤵
PID:1336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
11⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 236
10⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
7⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
9⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
10⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
11⤵
PID:11940

C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
12⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 236
11⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 236
10⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
9⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
8⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
7⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
6⤵
- Program crash
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
5⤵
- Program crash
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
7⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
10⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
11⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
12⤵
PID:11592

C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
13⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
11⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
9⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
8⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
7⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
6⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
7⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
8⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe
9⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-37883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37883.exe
10⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
11⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
10⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
9⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
8⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 216
7⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
6⤵
- Program crash
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
5⤵
- Program crash
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
9⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
10⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
11⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
12⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
13⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
14⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
15⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 236
15⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 236
14⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
13⤵
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
12⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
11⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
10⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
11⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24977.exe
12⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
13⤵
PID:11428

C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
14⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
12⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
11⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
10⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
11⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
12⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe
13⤵
PID:10312

C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
14⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 216
14⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
13⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
12⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
11⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
10⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
9⤵
- Program crash
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
8⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
11⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
12⤵
PID:8312

C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
13⤵
PID:11324

C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
14⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 236
13⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 236
12⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
11⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20401.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
11⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-56352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56352.exe
12⤵
PID:11384

C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
13⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
12⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
11⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
9⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
8⤵
- Program crash
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-38003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38003.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
8⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19567.exe
11⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
12⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-6305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6305.exe
13⤵
PID:9520

C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
14⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
14⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 236
13⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
12⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
11⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
10⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
10⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
11⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
12⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
13⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
11⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 236
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
9⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-64387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64387.exe
9⤵
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 240
10⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
9⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
8⤵
- Program crash
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
7⤵
- Program crash
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-2918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2918.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
8⤵
- Program crash
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
7⤵
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 300
8⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
6⤵
- Program crash
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-22784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22784.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-31227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31227.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
8⤵
PID:600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 220
9⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-4859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4859.exe
8⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-36069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36069.exe
10⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62439.exe
11⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
12⤵
PID:12284

C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
13⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 236
12⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
11⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 236
10⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
9⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 220
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
7⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
9⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
10⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
11⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
12⤵
PID:11520

C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
13⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
11⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
10⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
8⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
7⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-46172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46172.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
7⤵
PID:560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 200
8⤵
- Program crash
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
7⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
6⤵
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
5⤵
- Program crash
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-12394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12394.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 224
8⤵
- Program crash
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
7⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
10⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
10⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-47530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47530.exe
11⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 236
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
11⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 220
10⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
8⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
7⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
7⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
10⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
11⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe
12⤵
PID:11836

C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
13⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
11⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
10⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
9⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-4859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4859.exe
7⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
8⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
9⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
10⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
11⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
12⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 216
11⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
10⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
9⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
8⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 220
7⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
6⤵
- Program crash
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
7⤵
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-5155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5155.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
10⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
11⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11776 -s 220
13⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
11⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
9⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 216
8⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
7⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
9⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
10⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
11⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11556 -s 224
12⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
11⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
10⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
9⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
8⤵
PID:708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
7⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
6⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
7⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-44434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44434.exe
8⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-49006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49006.exe
9⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 224
11⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 236
10⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
9⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
8⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
7⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
6⤵
- Program crash
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
5⤵
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-20733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20733.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
7⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
8⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
10⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
11⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
12⤵
PID:12196

C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
13⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
12⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
11⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
9⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
9⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-3596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3596.exe
10⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
11⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
12⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 236
12⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
11⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
10⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
8⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-35118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35118.exe
7⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-64387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64387.exe
8⤵
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 220
9⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
8⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
7⤵
- Program crash
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45150.exe
6⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-28150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28150.exe
7⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
8⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
9⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-34982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34982.exe
10⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
11⤵
PID:11684

C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
12⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11684 -s 236
12⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
11⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
10⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 236
9⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
8⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
7⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
8⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
9⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe
10⤵
PID:11248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
11⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11248 -s 216
11⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
10⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 236
9⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
8⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
6⤵
- Program crash
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
6⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe
7⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-2934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2934.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
10⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
11⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
12⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
12⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
11⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
10⤵
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
8⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
7⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
8⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
9⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
10⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-37541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37541.exe
11⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 236
11⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
10⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
9⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
8⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
7⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
6⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
7⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
8⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
9⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
10⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
11⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 236
11⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
10⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
9⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
8⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
7⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
6⤵
- Program crash
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
5⤵
- Program crash
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 236
4⤵
- Program crash
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
2⤵
- Program crash
PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe

Filesize
184KB

MD5
4af6e42187168c539c9319026ba6a530

SHA1
dcc0848ca00eb63aa016ba80e17bae1ac3e773b7

SHA256
b57e0d375b9d90faa33185802be5890bef28084f45a50d84a11826898980ac97

SHA512
1df56b0e275eee97a3dbd81ffaea445ef551b3fdae45cbdcbf9f8909bb5eb20b3c884b42e70415034dd6fa115fa096c75279b67f54a5a56bb60e1e4d77155316

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe

Filesize
184KB

MD5
fbb567b3b7c01b21632e940515bc28f5

SHA1
354aa91bfdd81f78248414cbbe66590e5963b812

SHA256
0f5642292409dc6ecdd85e490b7f9df720e0cb9502489bc4ac2b3a274a103d8d

SHA512
386c4c26bbaf76ce9c4a36589b5f4f4a9f7a1fa1fe899b916e637d5f1424e4603792d2cd740e4cc61bd6a1a9790f4bbc90b1a974b2b94278c103f5770ded5571

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe

Filesize
184KB

MD5
8de245fab0165674fbdf4cdd5da14f57

SHA1
dce16eead68c01539bb4f9da26c3ddf9afd6c596

SHA256
a6ffae8b3426b311492357f7ec335a474b39966cace397f548a893f999fb0318

SHA512
136244ca89d05407d10f5acf15aeaa98548a63c327f3db241ad206ee145ef790f9122a4c5077435e1bef2b40bcc7fe3920f3fc1ca66a9c8dc32920f67b862fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe

Filesize
184KB

MD5
7bcf79af1cf26c073c1f8f663f43ea23

SHA1
e1392170cf0abbfc6a5ef026a285a35d872666ec

SHA256
6c648ce5ba0893703a555ccad29ffee8fcf6b770147076da1746588fa1097b03

SHA512
db1586b46315c31413ea5717fb74877f2d0caa8a78e88f2cb33d758803925aaeea1d0c1ba1f8596f2d1cdebf30876e78d3be5aef13550514a3119c690b0d9f6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40333.exe

Filesize
184KB

MD5
8f934e03b4257aa5577083bc4f24fb25

SHA1
c6b26083e2c053f230d9880d8f943c04043cb67b

SHA256
d4bda545a2875bbe8a535398ff592bb0ed4e821719285c178cc12f8d5544e369

SHA512
2d8b09709631c00c59eea74285e297c63801c76c36db3735301e307003d68eb228ae73e1e0f2bf0f98e89d74ddd021a412383b7c6fc20f6c791169ee7d93b0ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41864.exe

Filesize
184KB

MD5
9febcd44efa1acda10a4145bb1358dda

SHA1
1ccd4b93885715d4c4c4f88c3d0b35fa24e23e6c

SHA256
b92c7d3c20f9ca6eb445b7c86b749fe9bbfda178c5b924cb317d72736d7287f0

SHA512
30e2be76f989aa355bd83f12500b427d8f1e50f17770059adba6b7f8b2a0ceaf480faccecf9dea6b10bfba05769b0948a3bd09bbc64ee639bcbec6dc7f2551c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe

Filesize
184KB

MD5
fd6d42d71457abba5be2a3f250f44d89

SHA1
454875b0e9db8065c7713a295a4302052a5cf249

SHA256
3ffe556e5d1536d10b535f8706a6191213bcec928cae47a2e9ec6cc1a0c78b9f

SHA512
e58b48938c73e8bc9be0bdb1d2c1b24d52da469399af814b79a44f394d882709a7d3842a00c30211ae1d2dbe19de5005e60f159c3088e4cba8a86c7d2dcf6671

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe

Filesize
184KB

MD5
a87abf74a1b6e0f99594cfa6e1e5d9e5

SHA1
ce3d1c218de3f734997d7c024a1c4cfa9c1d6f5d

SHA256
7c8278b0ea71b7ca38577c335693287a1567f25a51d8c526f3003c1061c41ab8

SHA512
88bff735644fd4f295809c1fdecf9a70808305c628d8ce963fe2e687577fd80d1c32e1d47886f4100637d820bb44a516777b3607e17166b50ed5a588b561a3b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe

Filesize
184KB

MD5
9c0d52ba5dbe71b9701d6108a4a06951

SHA1
3e0546bc26d6f6402115d15ce25e2f0b85a9ec1f

SHA256
0fe45cc487ab462776aeeac9dd0a8f67044651146e41b39c9860787440df5a7c

SHA512
e4ac1dfa0fb76dc5b172b95afd1a6e7c3bd1858f98426398bbac8829881056eb1d3d0f2ede83fd8a13dc98cb075a1314fa9e14ba8832f0b503ce5dc5accc2b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe

Filesize
184KB

MD5
3305fb82a6d7d132f13978cade6661fe

SHA1
ad840f8cb6784dca518e92835cf1dbf761cd2263

SHA256
19644e9da5ffe983e6052ab643aec7639fe9fc3fb5f7c4478d374d22a87073c1

SHA512
55955bc25f192e6aad3ee388977a0ed23c1733b58ecb86c19cde338ac6421e0adf21b06e0c51a2681b9275213c937c458e3e6c42a677e715213d0f1c74180d1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe

Filesize
184KB

MD5
85a66c0cf045e0215da5f6a430ecf16a

SHA1
e8b05c5b6776efd5934fe4ddc904c9f113746f63

SHA256
e3e9978e268eb05c0d686fb9763228833ea7ec982553b665ab23f8545fc72309

SHA512
58fac8a1d92c2afdf4c0a38cd4fb188c5617fa9c3081eb823559bfc181747343583435c5c19a35954e843a7ab156aadc87dcb6ca992ae6b72789212de736829a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe

Filesize
184KB

MD5
0cd1c0cbc4042df9f2a5c89761309756

SHA1
81595a0584521d193839ac2b157306dbab3af4b3

SHA256
0fd59f17c8e5eaa4abce3433bccf4c1e8c93f9433a07d4d544011a3df1586c78

SHA512
ec4bc4191c51f6b1a1e2505d035b384ab573b2e457bdade9d8f04a3145048ff34ee7522eb3ab656064bc83bc86839f305490dee38c05f0609fbf1ba01ee26d1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe

Filesize
184KB

MD5
812d8c3708b2909ef911405fd8ea5042

SHA1
661bf1c2339810c35e4cf4b7c0f697ba456a6c21

SHA256
972359e188b1e7fad283fab459f012d074829204a30a13404844034fc3d3fd84

SHA512
5231f247cf643407f4c05860dbc688e116346ca4d26754d749e55362ab898a436296332aae500298601fe0caa0ac40033bbe76f4c9c825f760411de99cf88bf2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-230.exe

Filesize
184KB

MD5
775b441a33fb9007939162494af10db8

SHA1
436ed0ab551f1fa5c4fb2f05b0ae73bdaa7dd052

SHA256
255681b759087f1fabb9931eaa509e9e6bc418a473316492be59621bb4938db7

SHA512
b0f4492eb73a75d73e6e437a3a68e9c353f93414a8a2b295966a802d12e543f4e7fd3ca0714f004eac1bea6700e1468733493d9efe18f25678869e8489967055

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe

Filesize
184KB

MD5
5f5b14253a45161b2e696e994e1da39a

SHA1
267a5bc8cfc1cd691f72004f2e95c177d4d792a7

SHA256
eefdaf04df180255204f1caaf9f00c0c854c208edab2d496dfadf40a78261374

SHA512
a625a484f6223d9d7ed6387cbad27dd001c94ad2f39cd92deffddbccaf785a21e19840ffa6a98fa363062f1691f58b9047b393e2e75f72fdaa700ef5115b532b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe

Filesize
184KB

MD5
d3ce393ca5caf595baac5ca62d240f40

SHA1
54ffa1828818e844e70039f4e4f1c1184bedbfea

SHA256
e20fcbed64bb6ac348921015ab87539ac120650d451b0de2e48895ad478c5906

SHA512
0643495060d204dcca0f9fc5807d1a39ee0e1a57e725db2e25989da83bba85c3b6327ee170041212000ca0bea9df205e55f2768284a5bb9a7c479b4276810993

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe

Filesize
184KB

MD5
06bf7e9e04c9a3872f02de0bfcd57da7

SHA1
cfc3f6831f49f896792de4279c79c7df2c60fe11

SHA256
dd0bc6d9160c632bbf56ccf867e520fbafa18cfa7a295d029b1551ebd32cf886

SHA512
f6e7070e69c9463ded3b08c5cf6cf6d02db739d7d5559d4eaecd1adb6c7ada40cacd9e3ccedbd1501ce8c898d0a8f02b2a994b8c811b2e72c2eefa07dcd569c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe

Filesize
184KB

MD5
884ba5b2cd031da8e44ccd4642da657e

SHA1
ec9a89d643245a030c7c22cc2f42c79661a52a55

SHA256
6c51cc51f33f47adf6563637af2a796caa38d606294b8f972318e8ebcfd141eb

SHA512
f2b0c966e5ada1c14980b1040dc8b5c9e3b5dae339fe3acfb869d090ee121c3a78d59af1627b18e099486919f43c7ebecc9f7493e3986bdda79af9a95d3d0565

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe

Filesize
184KB

MD5
745cafba14f94135605dcb8a69732e14

SHA1
6ec0d9faa6523748bc4b1f36939dd3e1b483ae67

SHA256
83ce616c6053fe95720831a1e1500ac45a950536bbbea92035da9acbe7d90077

SHA512
dbf479671e4e7b20ae089764f1d5a928fba98914fb8cc74e204bd886b3c3afa5352bd7c4d40d40f73075e7a33052325b0554cf5cb235c132228528bfeed2818e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe

Filesize
184KB

MD5
790c9b3f8e7881af512d3281bec944d1

SHA1
41dec2808a94b073e0c0e0234f3da0f97e0ca542

SHA256
69c876a88f37101e0ecd3f43624c4018cb4c68241afde449ff8dbfb7fa53cea4

SHA512
8be296ae5fcb8fa91ee50998ae76bd81fc77afeec0689d3d167801eeb2224631d31097be7641238a63e7bf61b1783ebbcf4288d8c25170155e8fd636ec21764b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe

Filesize
184KB

MD5
bd916ad6e5eff02b9c3050fe12783552

SHA1
e3c7cbc55efc6249870608f9dc8fb4965431f303

SHA256
62676727574f3b53c39f4e6f334cea251e6176f0ebf660e90258df92efee923e

SHA512
1cb73f5ea1f2d95e1c637d5652d942fc37956e235c55749b846013b4ccf13feaafaedacfd5c34ca4d56a649c7471f29e5edad930e7b401c12e7245e8b69fe490

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe

Filesize
184KB

MD5
db55bd9cd9bfd04d547c028f1089c82a

SHA1
dda5507a946472bae9957978ff51bf10ca0fe0c9

SHA256
fff454e84ffa9022e32f117b3897407f428c0206ac959a84e4538705dc6d6cbb

SHA512
ad041f8cba72c969a2046b8e0e6fa88bdacddb9f1a5e0b1120af0575fc36bbac86501d61defa8b5183db9abbc13e9258a46150b0bc865dab3d6f9e5c5a699d74

Download Submit