7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe
Size

184KB
MD5

df862c3949f4351dbaf4de60083bd153
SHA1

90eb478b61eff6197dc61bfc77ddf4f85d5b89dd
SHA256

7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee
SHA512

0dd87eded57087d25fe3bb7eca5ad1102695984ab5fddf654c45343979515dcd42f794ee5bcc90c60eb5741f65a8e1a8a6fc102693faf75ac64117bfd2a3f230
SSDEEP

1536:q7S/6vZ9uCUxoPx1tVOFlawMHHQyvZclzmd8xlCR2VvQtnhlHhj5Vizp0t:8dCCUxoZ7VOydHwWellCRmenhltniFk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-39535.exeUnicorn-47594.exeUnicorn-54371.exeUnicorn-26188.exeUnicorn-60998.exeUnicorn-18574.exeUnicorn-53069.exeUnicorn-48985.exeUnicorn-59846.exeUnicorn-6561.exeUnicorn-61237.exeUnicorn-35254.exeUnicorn-47506.exeUnicorn-20864.exeUnicorn-55674.exeUnicorn-998.exeUnicorn-16780.exeUnicorn-35808.exeUnicorn-31724.exeUnicorn-30184.exeUnicorn-45129.exeUnicorn-38544.exeUnicorn-49405.exeUnicorn-54880.exeUnicorn-20070.exeUnicorn-43182.exeUnicorn-58964.exeUnicorn-28238.exeUnicorn-8372.exeUnicorn-40298.exeUnicorn-40298.exeUnicorn-47075.exeUnicorn-18207.exeUnicorn-10593.exeUnicorn-61185.exeUnicorn-7900.exeUnicorn-14677.exeUnicorn-46795.exeUnicorn-24045.exeUnicorn-95.exeUnicorn-40381.exeUnicorn-28683.exeUnicorn-65077.exeUnicorn-65077.exeUnicorn-26183.exeUnicorn-26183.exeUnicorn-60993.exeUnicorn-53380.exeUnicorn-7708.exeUnicorn-53380.exeUnicorn-14485.exeUnicorn-3624.exeUnicorn-26737.exeUnicorn-27527.exeUnicorn-19913.exeUnicorn-34626.exeUnicorn-55923.exeUnicorn-57547.exeUnicorn-36572.exeUnicorn-28958.exeUnicorn-48824.exeUnicorn-18098.exeUnicorn-10484.exeUnicorn-12415.exe

pid	process
2880	Unicorn-39535.exe
2576	Unicorn-47594.exe
2632	Unicorn-54371.exe
2592	Unicorn-26188.exe
2428	Unicorn-60998.exe
2816	Unicorn-18574.exe
2308	Unicorn-53069.exe
328	Unicorn-48985.exe
1512	Unicorn-59846.exe
1692	Unicorn-6561.exe
2184	Unicorn-61237.exe
2908	Unicorn-35254.exe
2268	Unicorn-47506.exe
536	Unicorn-20864.exe
580	Unicorn-55674.exe
2120	Unicorn-998.exe
1756	Unicorn-16780.exe
684	Unicorn-35808.exe
2768	Unicorn-31724.exe
1472	Unicorn-30184.exe
1712	Unicorn-45129.exe
320	Unicorn-38544.exe
860	Unicorn-49405.exe
1248	Unicorn-54880.exe
2744	Unicorn-20070.exe
1588	Unicorn-43182.exe
2940	Unicorn-58964.exe
2112	Unicorn-28238.exe
908	Unicorn-8372.exe
2728	Unicorn-40298.exe
1936	Unicorn-40298.exe
2852	Unicorn-47075.exe
2520	Unicorn-18207.exe
2468	Unicorn-10593.exe
2496	Unicorn-61185.exe
3024	Unicorn-7900.exe
2212	Unicorn-14677.exe
2304	Unicorn-46795.exe
1360	Unicorn-24045.exe
1436	Unicorn-95.exe
340	Unicorn-40381.exe
2344	Unicorn-28683.exe
1056	Unicorn-65077.exe
2204	Unicorn-65077.exe
1200	Unicorn-26183.exe
1208	Unicorn-26183.exe
2404	Unicorn-60993.exe
3056	Unicorn-53380.exe
2488	Unicorn-7708.exe
2704	Unicorn-53380.exe
2712	Unicorn-14485.exe
3000	Unicorn-3624.exe
700	Unicorn-26737.exe
2748	Unicorn-27527.exe
1280	Unicorn-19913.exe
2920	Unicorn-34626.exe
1752	Unicorn-55923.exe
1676	Unicorn-57547.exe
2528	Unicorn-36572.exe
2340	Unicorn-28958.exe
2692	Unicorn-48824.exe
3028	Unicorn-18098.exe
2412	Unicorn-10484.exe
2540	Unicorn-12415.exe

Loads dropped DLL 64 IoCs

Processes:

7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exeUnicorn-39535.exeUnicorn-54371.exeUnicorn-47594.exeWerFault.exeUnicorn-60998.exeUnicorn-26188.exeUnicorn-18574.exeWerFault.exeWerFault.exeUnicorn-6561.exeUnicorn-59846.exeUnicorn-53069.exeUnicorn-48985.exeUnicorn-61237.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe
2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe
2880	Unicorn-39535.exe
2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe
2880	Unicorn-39535.exe
2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe
2632	Unicorn-54371.exe
2632	Unicorn-54371.exe
2576	Unicorn-47594.exe
2576	Unicorn-47594.exe
2880	Unicorn-39535.exe
2880	Unicorn-39535.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
2428	Unicorn-60998.exe
2428	Unicorn-60998.exe
2592	Unicorn-26188.exe
2576	Unicorn-47594.exe
2592	Unicorn-26188.exe
2576	Unicorn-47594.exe
2632	Unicorn-54371.exe
2816	Unicorn-18574.exe
2632	Unicorn-54371.exe
2816	Unicorn-18574.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
2200	WerFault.exe
1064	WerFault.exe
1692	Unicorn-6561.exe
1692	Unicorn-6561.exe
1512	Unicorn-59846.exe
1512	Unicorn-59846.exe
2428	Unicorn-60998.exe
2308	Unicorn-53069.exe
2428	Unicorn-60998.exe
2592	Unicorn-26188.exe
2592	Unicorn-26188.exe
2308	Unicorn-53069.exe
328	Unicorn-48985.exe
328	Unicorn-48985.exe
2816	Unicorn-18574.exe
2184	Unicorn-61237.exe
2184	Unicorn-61237.exe
2816	Unicorn-18574.exe
716	WerFault.exe
716	WerFault.exe
716	WerFault.exe
716	WerFault.exe
716	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
3008	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2736	2856	WerFault.exe	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe
1788	2880	WerFault.exe	Unicorn-39535.exe
2200	2632	WerFault.exe	Unicorn-54371.exe
1064	2576	WerFault.exe	Unicorn-47594.exe
716	2428	WerFault.exe	Unicorn-60998.exe
1152	2592	WerFault.exe	Unicorn-26188.exe
3008	2816	WerFault.exe	Unicorn-18574.exe
1740	1692	WerFault.exe	Unicorn-6561.exe
2740	1512	WerFault.exe	Unicorn-59846.exe
2572	2308	WerFault.exe	Unicorn-53069.exe
2620	328	WerFault.exe	Unicorn-48985.exe
2672	2184	WerFault.exe	Unicorn-61237.exe
1564	2908	WerFault.exe	Unicorn-35254.exe
2868	2268	WerFault.exe	Unicorn-47506.exe
2960	2120	WerFault.exe	Unicorn-998.exe
872	580	WerFault.exe	Unicorn-55674.exe
772	536	WerFault.exe	Unicorn-20864.exe
2260	2768	WerFault.exe	Unicorn-31724.exe
816	684	WerFault.exe	Unicorn-35808.exe
2052	1756	WerFault.exe	Unicorn-16780.exe
2208	2744	WerFault.exe	Unicorn-20070.exe
1212	1472	WerFault.exe	Unicorn-30184.exe
1720	1712	WerFault.exe	Unicorn-45129.exe
1176	320	WerFault.exe	Unicorn-38544.exe
1124	860	WerFault.exe	Unicorn-49405.exe
2264	1248	WerFault.exe	Unicorn-54880.exe
1008	1588	WerFault.exe	Unicorn-43182.exe
1004	1936	WerFault.exe	Unicorn-40298.exe
1892	2940	WerFault.exe	Unicorn-58964.exe
1708	2728	WerFault.exe	Unicorn-40298.exe
932	2852	WerFault.exe	Unicorn-47075.exe
1036	908	WerFault.exe	Unicorn-8372.exe
2552	2112	WerFault.exe	Unicorn-28238.exe
3708	2520	WerFault.exe	Unicorn-18207.exe
3728	2468	WerFault.exe	Unicorn-10593.exe
3824	1360	WerFault.exe	Unicorn-24045.exe
3832	2212	WerFault.exe	Unicorn-14677.exe
3856	3024	WerFault.exe	Unicorn-7900.exe
3968	1436	WerFault.exe	Unicorn-95.exe
4028	2712	WerFault.exe	Unicorn-14485.exe
4060	2344	WerFault.exe	Unicorn-28683.exe
4076	2204	WerFault.exe	Unicorn-65077.exe
3448	1804	WerFault.exe	Unicorn-40956.exe
3696	2116	WerFault.exe	Unicorn-30096.exe
3204	1208	WerFault.exe	Unicorn-26183.exe
3636	2704	WerFault.exe	Unicorn-53380.exe
3688	2404	WerFault.exe	Unicorn-60993.exe
3744	2496	WerFault.exe	Unicorn-61185.exe
3792	340	WerFault.exe	Unicorn-40381.exe
3096	700	WerFault.exe	Unicorn-26737.exe
2380	1200	WerFault.exe	Unicorn-26183.exe
3472	2748	WerFault.exe	Unicorn-27527.exe
3716	2488	WerFault.exe	Unicorn-7708.exe
3928	1912	WerFault.exe	Unicorn-55394.exe
3992	2168	WerFault.exe	Unicorn-22722.exe
3252	1160	WerFault.exe	Unicorn-10469.exe
3292	2420	WerFault.exe	Unicorn-8139.exe
3396	1056	WerFault.exe	Unicorn-65077.exe
3624	2304	WerFault.exe	Unicorn-46795.exe
1376	1760	WerFault.exe	Unicorn-10832.exe
4140	2384	WerFault.exe	Unicorn-23084.exe
4156	2044	WerFault.exe	Unicorn-41196.exe
4180	108	WerFault.exe	Unicorn-19000.exe
4200	1840	WerFault.exe	Unicorn-12223.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exeUnicorn-39535.exeUnicorn-47594.exeUnicorn-54371.exeUnicorn-26188.exeUnicorn-60998.exeUnicorn-18574.exeUnicorn-48985.exeUnicorn-53069.exeUnicorn-61237.exeUnicorn-6561.exeUnicorn-59846.exeUnicorn-35254.exeUnicorn-47506.exeUnicorn-55674.exeUnicorn-20864.exeUnicorn-998.exeUnicorn-35808.exeUnicorn-16780.exeUnicorn-31724.exeUnicorn-30184.exeUnicorn-45129.exeUnicorn-38544.exeUnicorn-49405.exeUnicorn-54880.exeUnicorn-20070.exeUnicorn-43182.exeUnicorn-58964.exeUnicorn-40298.exeUnicorn-40298.exeUnicorn-8372.exeUnicorn-28238.exeUnicorn-47075.exeUnicorn-18207.exeUnicorn-10593.exeUnicorn-61185.exeUnicorn-14677.exeUnicorn-7900.exeUnicorn-46795.exeUnicorn-24045.exeUnicorn-95.exeUnicorn-40381.exeUnicorn-28683.exeUnicorn-65077.exeUnicorn-65077.exeUnicorn-26183.exeUnicorn-26183.exeUnicorn-60993.exeUnicorn-53380.exeUnicorn-7708.exeUnicorn-53380.exeUnicorn-14485.exeUnicorn-26737.exeUnicorn-3624.exeUnicorn-27527.exeUnicorn-19913.exeUnicorn-34626.exeUnicorn-55923.exeUnicorn-57547.exeUnicorn-36572.exeUnicorn-48824.exeUnicorn-28958.exeUnicorn-18098.exeUnicorn-10484.exe

pid	process
2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe
2880	Unicorn-39535.exe
2576	Unicorn-47594.exe
2632	Unicorn-54371.exe
2592	Unicorn-26188.exe
2428	Unicorn-60998.exe
2816	Unicorn-18574.exe
328	Unicorn-48985.exe
2308	Unicorn-53069.exe
2184	Unicorn-61237.exe
1692	Unicorn-6561.exe
1512	Unicorn-59846.exe
2908	Unicorn-35254.exe
2268	Unicorn-47506.exe
580	Unicorn-55674.exe
536	Unicorn-20864.exe
2120	Unicorn-998.exe
684	Unicorn-35808.exe
1756	Unicorn-16780.exe
2768	Unicorn-31724.exe
1472	Unicorn-30184.exe
1712	Unicorn-45129.exe
320	Unicorn-38544.exe
860	Unicorn-49405.exe
1248	Unicorn-54880.exe
2744	Unicorn-20070.exe
1588	Unicorn-43182.exe
2940	Unicorn-58964.exe
2728	Unicorn-40298.exe
1936	Unicorn-40298.exe
908	Unicorn-8372.exe
2112	Unicorn-28238.exe
2852	Unicorn-47075.exe
2520	Unicorn-18207.exe
2468	Unicorn-10593.exe
2496	Unicorn-61185.exe
2212	Unicorn-14677.exe
3024	Unicorn-7900.exe
2304	Unicorn-46795.exe
1360	Unicorn-24045.exe
1436	Unicorn-95.exe
340	Unicorn-40381.exe
2344	Unicorn-28683.exe
2204	Unicorn-65077.exe
1056	Unicorn-65077.exe
1200	Unicorn-26183.exe
1208	Unicorn-26183.exe
2404	Unicorn-60993.exe
3056	Unicorn-53380.exe
2488	Unicorn-7708.exe
2704	Unicorn-53380.exe
2712	Unicorn-14485.exe
700	Unicorn-26737.exe
3000	Unicorn-3624.exe
2748	Unicorn-27527.exe
1280	Unicorn-19913.exe
2920	Unicorn-34626.exe
1752	Unicorn-55923.exe
1676	Unicorn-57547.exe
2528	Unicorn-36572.exe
2692	Unicorn-48824.exe
2340	Unicorn-28958.exe
3028	Unicorn-18098.exe
2412	Unicorn-10484.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exeUnicorn-39535.exeUnicorn-54371.exeUnicorn-47594.exeUnicorn-60998.exeUnicorn-26188.exeUnicorn-18574.exeUnicorn-6561.exe

description	pid	process	target process
PID 2856 wrote to memory of 2880	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	Unicorn-39535.exe
PID 2856 wrote to memory of 2880	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	Unicorn-39535.exe
PID 2856 wrote to memory of 2880	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	Unicorn-39535.exe
PID 2856 wrote to memory of 2880	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	Unicorn-39535.exe
PID 2880 wrote to memory of 2576	2880	Unicorn-39535.exe	Unicorn-47594.exe
PID 2880 wrote to memory of 2576	2880	Unicorn-39535.exe	Unicorn-47594.exe
PID 2880 wrote to memory of 2576	2880	Unicorn-39535.exe	Unicorn-47594.exe
PID 2880 wrote to memory of 2576	2880	Unicorn-39535.exe	Unicorn-47594.exe
PID 2856 wrote to memory of 2632	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	Unicorn-54371.exe
PID 2856 wrote to memory of 2632	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	Unicorn-54371.exe
PID 2856 wrote to memory of 2632	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	Unicorn-54371.exe
PID 2856 wrote to memory of 2632	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	Unicorn-54371.exe
PID 2856 wrote to memory of 2736	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	WerFault.exe
PID 2856 wrote to memory of 2736	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	WerFault.exe
PID 2856 wrote to memory of 2736	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	WerFault.exe
PID 2856 wrote to memory of 2736	2856	7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe	WerFault.exe
PID 2632 wrote to memory of 2592	2632	Unicorn-54371.exe	Unicorn-26188.exe
PID 2632 wrote to memory of 2592	2632	Unicorn-54371.exe	Unicorn-26188.exe
PID 2632 wrote to memory of 2592	2632	Unicorn-54371.exe	Unicorn-26188.exe
PID 2632 wrote to memory of 2592	2632	Unicorn-54371.exe	Unicorn-26188.exe
PID 2576 wrote to memory of 2428	2576	Unicorn-47594.exe	Unicorn-60998.exe
PID 2576 wrote to memory of 2428	2576	Unicorn-47594.exe	Unicorn-60998.exe
PID 2576 wrote to memory of 2428	2576	Unicorn-47594.exe	Unicorn-60998.exe
PID 2576 wrote to memory of 2428	2576	Unicorn-47594.exe	Unicorn-60998.exe
PID 2880 wrote to memory of 2816	2880	Unicorn-39535.exe	Unicorn-18574.exe
PID 2880 wrote to memory of 2816	2880	Unicorn-39535.exe	Unicorn-18574.exe
PID 2880 wrote to memory of 2816	2880	Unicorn-39535.exe	Unicorn-18574.exe
PID 2880 wrote to memory of 2816	2880	Unicorn-39535.exe	Unicorn-18574.exe
PID 2880 wrote to memory of 1788	2880	Unicorn-39535.exe	WerFault.exe
PID 2880 wrote to memory of 1788	2880	Unicorn-39535.exe	WerFault.exe
PID 2880 wrote to memory of 1788	2880	Unicorn-39535.exe	WerFault.exe
PID 2880 wrote to memory of 1788	2880	Unicorn-39535.exe	WerFault.exe
PID 2428 wrote to memory of 2308	2428	Unicorn-60998.exe	Unicorn-53069.exe
PID 2428 wrote to memory of 2308	2428	Unicorn-60998.exe	Unicorn-53069.exe
PID 2428 wrote to memory of 2308	2428	Unicorn-60998.exe	Unicorn-53069.exe
PID 2428 wrote to memory of 2308	2428	Unicorn-60998.exe	Unicorn-53069.exe
PID 2592 wrote to memory of 328	2592	Unicorn-26188.exe	Unicorn-48985.exe
PID 2592 wrote to memory of 328	2592	Unicorn-26188.exe	Unicorn-48985.exe
PID 2592 wrote to memory of 328	2592	Unicorn-26188.exe	Unicorn-48985.exe
PID 2592 wrote to memory of 328	2592	Unicorn-26188.exe	Unicorn-48985.exe
PID 2576 wrote to memory of 1512	2576	Unicorn-47594.exe	Unicorn-59846.exe
PID 2576 wrote to memory of 1512	2576	Unicorn-47594.exe	Unicorn-59846.exe
PID 2576 wrote to memory of 1512	2576	Unicorn-47594.exe	Unicorn-59846.exe
PID 2576 wrote to memory of 1512	2576	Unicorn-47594.exe	Unicorn-59846.exe
PID 2632 wrote to memory of 1692	2632	Unicorn-54371.exe	Unicorn-6561.exe
PID 2632 wrote to memory of 1692	2632	Unicorn-54371.exe	Unicorn-6561.exe
PID 2632 wrote to memory of 1692	2632	Unicorn-54371.exe	Unicorn-6561.exe
PID 2632 wrote to memory of 1692	2632	Unicorn-54371.exe	Unicorn-6561.exe
PID 2816 wrote to memory of 2184	2816	Unicorn-18574.exe	Unicorn-61237.exe
PID 2816 wrote to memory of 2184	2816	Unicorn-18574.exe	Unicorn-61237.exe
PID 2816 wrote to memory of 2184	2816	Unicorn-18574.exe	Unicorn-61237.exe
PID 2816 wrote to memory of 2184	2816	Unicorn-18574.exe	Unicorn-61237.exe
PID 2632 wrote to memory of 2200	2632	Unicorn-54371.exe	WerFault.exe
PID 2632 wrote to memory of 2200	2632	Unicorn-54371.exe	WerFault.exe
PID 2632 wrote to memory of 2200	2632	Unicorn-54371.exe	WerFault.exe
PID 2632 wrote to memory of 2200	2632	Unicorn-54371.exe	WerFault.exe
PID 2576 wrote to memory of 1064	2576	Unicorn-47594.exe	WerFault.exe
PID 2576 wrote to memory of 1064	2576	Unicorn-47594.exe	WerFault.exe
PID 2576 wrote to memory of 1064	2576	Unicorn-47594.exe	WerFault.exe
PID 2576 wrote to memory of 1064	2576	Unicorn-47594.exe	WerFault.exe
PID 1692 wrote to memory of 2908	1692	Unicorn-6561.exe	Unicorn-35254.exe
PID 1692 wrote to memory of 2908	1692	Unicorn-6561.exe	Unicorn-35254.exe
PID 1692 wrote to memory of 2908	1692	Unicorn-6561.exe	Unicorn-35254.exe
PID 1692 wrote to memory of 2908	1692	Unicorn-6561.exe	Unicorn-35254.exe

C:\Users\Admin\AppData\Local\Temp\7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe
"C:\Users\Admin\AppData\Local\Temp\7cbc39687e25ae429dccaf8ec9e712c68df6ba5c000ec638864579606a59faee.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-8139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8139.exe
9⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-41471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41471.exe
10⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-8855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8855.exe
11⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-45799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45799.exe
12⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-10223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10223.exe
13⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
14⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
14⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
13⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
12⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 216
11⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
10⤵
- Program crash
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
9⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
10⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
11⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-49118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49118.exe
12⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
13⤵
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 220
13⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
12⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
11⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
10⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
9⤵
- Program crash
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
8⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-39333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39333.exe
9⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-31793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31793.exe
11⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
12⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
13⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
13⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
12⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
11⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
9⤵
- Program crash
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
8⤵
- Program crash
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
8⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
10⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
11⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
12⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
13⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 216
13⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 236
12⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
11⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
10⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
11⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
12⤵
PID:12132

C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
13⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
11⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
10⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-18454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18454.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
12⤵
PID:12088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
13⤵
PID:13752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 220
12⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
11⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
9⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
8⤵
- Program crash
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
7⤵
- Program crash
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
8⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
9⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
10⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
11⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
12⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
13⤵
PID:11468

C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
14⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
13⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
12⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
10⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
9⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
8⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
9⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
10⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
11⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
12⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 220
12⤵
PID:13376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
11⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
10⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
8⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
7⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
8⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-11979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11979.exe
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
10⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
11⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
12⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
10⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
9⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
8⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
7⤵
- Program crash
PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
6⤵
- Program crash
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24045.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
9⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
10⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
11⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
12⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
13⤵
PID:11332

C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
14⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
13⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
12⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
11⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
10⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-55238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55238.exe
9⤵
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 220
10⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
8⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
11⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11948 -s 208
13⤵
PID:13584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
12⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
10⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
9⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
8⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28958.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
8⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
11⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-61422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61422.exe
12⤵
PID:11376

C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
13⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11376 -s 216
13⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
12⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
11⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
9⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
9⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
10⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
11⤵
PID:11940

C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
12⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
11⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 236
10⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
9⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
8⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
7⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
7⤵
- Executes dropped EXE
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
8⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
10⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
11⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
12⤵
PID:11452

C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
13⤵
PID:14188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
11⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
9⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
9⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
10⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
11⤵
PID:11396

C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
12⤵
PID:13996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
11⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
10⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
9⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-28896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28896.exe
7⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
10⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-37302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37302.exe
11⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11688 -s 208
12⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 220
11⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
10⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
9⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
8⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
7⤵
- Program crash
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
6⤵
- Program crash
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:716

C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
9⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
10⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
11⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
12⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
13⤵
PID:11908

C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
14⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
13⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
12⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
11⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
10⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
11⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11496 -s 208
13⤵
PID:14084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
11⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
10⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
8⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
11⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
12⤵
PID:11888

C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
13⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
12⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
10⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
9⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
8⤵
- Program crash
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-42348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42348.exe
8⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe
9⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
10⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
11⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
12⤵
PID:11604

C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
13⤵
PID:13824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11604 -s 236
13⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
11⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
10⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
9⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
10⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
11⤵
PID:11864

C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
12⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 220
11⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
10⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
8⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
7⤵
- Program crash
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
8⤵
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
11⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
12⤵
PID:11768

C:\Users\Admin\AppData\Local\Temp\Unicorn-57380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57380.exe
13⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 216
12⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 236
11⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
10⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 236
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
9⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
10⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
11⤵
PID:11896

C:\Users\Admin\AppData\Local\Temp\Unicorn-39674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39674.exe
12⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 216
11⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
10⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
8⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
7⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
8⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
9⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
10⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
11⤵
PID:11728

C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
12⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
11⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
10⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
9⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
8⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
7⤵
- Program crash
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
6⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
7⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
8⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
10⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
11⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
12⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
12⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
11⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
10⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
9⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 216
8⤵
- Program crash
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-57677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57677.exe
7⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60386.exe
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
9⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
10⤵
PID:10164

C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
11⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
10⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
9⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 216
8⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
7⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
6⤵
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
7⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
10⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-61422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61422.exe
11⤵
PID:11384

C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
12⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11384 -s 216
12⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
11⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
10⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
8⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-16727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16727.exe
7⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
8⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-56196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56196.exe
9⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
10⤵
PID:11752

C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
11⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
10⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
9⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
8⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 240
7⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
6⤵
- Program crash
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
5⤵
- Program crash
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
8⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
10⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
11⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
12⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
13⤵
PID:12844

C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
14⤵
PID:13744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12844 -s 236
14⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
13⤵
PID:13680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
12⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
10⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
10⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
11⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 220
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
11⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
10⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
9⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
8⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
7⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
10⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
11⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
12⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
12⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
11⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
10⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-40930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40930.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-26173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26173.exe
9⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
10⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
11⤵
PID:12168

C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
12⤵
PID:13972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 216
11⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
10⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
9⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
8⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 220
7⤵
- Program crash
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
7⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
8⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19162.exe
9⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
10⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
11⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
12⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
11⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
10⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 216
9⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 236
8⤵
- Program crash
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
7⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-10692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10692.exe
8⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
9⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
10⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
11⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
11⤵
PID:13508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
10⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
9⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
8⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
7⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
6⤵
- Program crash
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
7⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
8⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
10⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
11⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
12⤵
PID:11560

C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe
13⤵
PID:14096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
12⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 220
11⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
10⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
9⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe
7⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-33168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33168.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
9⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
10⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
11⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
10⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
9⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
8⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 220
7⤵
- Program crash
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
6⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
7⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
8⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
9⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
10⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
11⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 216
11⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
10⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
9⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
8⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 216
7⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
6⤵
- Program crash
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
5⤵
- Program crash
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
7⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
8⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
10⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
11⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
12⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 236
12⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
9⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
8⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
7⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
9⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
10⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
11⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 216
11⤵
PID:13644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
10⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
9⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
8⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
7⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
6⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
7⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
8⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
9⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
10⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
11⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
11⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 236
10⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
8⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
7⤵
- Program crash
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
6⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
6⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
7⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
8⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
9⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
10⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
11⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
11⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
10⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
9⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
8⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
7⤵
- Program crash
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
6⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
7⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
8⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
9⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
10⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 220
10⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
9⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
8⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
7⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 240
6⤵
- Program crash
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
5⤵
- Program crash
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-63754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63754.exe
8⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
9⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
10⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
11⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
12⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
13⤵
PID:11576

C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
14⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
13⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
12⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
11⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-18865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18865.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
11⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-59284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59284.exe
12⤵
PID:11648

C:\Users\Admin\AppData\Local\Temp\Unicorn-49767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49767.exe
13⤵
PID:13960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
12⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
11⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
8⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
10⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-10223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10223.exe
11⤵
PID:8304

C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 220
12⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
11⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 216
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
8⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
7⤵
- Program crash
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-65508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65508.exe
7⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
10⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 220
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
11⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
10⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
10⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 224
11⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 236
10⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
9⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
8⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
9⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
10⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 220
11⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
10⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
9⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
8⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
7⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
6⤵
- Program crash
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
7⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
8⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
10⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
11⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
12⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
12⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
11⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-33936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33936.exe
8⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
9⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
10⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
11⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
11⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
10⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
9⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
8⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
7⤵
- Program crash
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
6⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-61891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61891.exe
7⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-17408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17408.exe
8⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-3095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3095.exe
9⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2906.exe
10⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3062.exe
11⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 220
11⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
10⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
9⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
8⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
7⤵
- Program crash
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
6⤵
- Program crash
PID:1008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
5⤵
- Program crash
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
7⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
11⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 216
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 220
11⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
10⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
7⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
9⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
10⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
11⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
11⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
10⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
9⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
8⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
7⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
6⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
7⤵
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 220
8⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
7⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 220
6⤵
- Program crash
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
6⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
7⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
8⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
9⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe
10⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
11⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
11⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
10⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
9⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
8⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
7⤵
- Program crash
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
6⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
7⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
8⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
9⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
10⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
10⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
9⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
8⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
7⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
6⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
5⤵
- Program crash
PID:816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
8⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
10⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
11⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-25465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25465.exe
12⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
13⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 236
13⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
12⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
11⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-1569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1569.exe
8⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
10⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
11⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
12⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
12⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 236
11⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
10⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
9⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
8⤵
- Program crash
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
7⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
8⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
9⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
10⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-47224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47224.exe
11⤵
PID:11424

C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
12⤵
PID:14232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
11⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
10⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
9⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
8⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
7⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
7⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
10⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
11⤵
PID:11968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
12⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
11⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
10⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
8⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
7⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
8⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-31884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31884.exe
9⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe
10⤵
PID:11828

C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
11⤵
PID:13768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11828 -s 216
11⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
10⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
9⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
8⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 220
7⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
6⤵
- Program crash
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
7⤵
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
8⤵
- Program crash
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
7⤵
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 220
8⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
7⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
6⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
7⤵
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
7⤵
- Program crash
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
6⤵
- Program crash
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
5⤵
- Program crash
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-61891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61891.exe
7⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
8⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
9⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
10⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
11⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
11⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
10⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
9⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
8⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
7⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
6⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-33168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33168.exe
7⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-53583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53583.exe
8⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
9⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-55496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55496.exe
10⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
10⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
9⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
8⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
7⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
6⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
6⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
7⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
8⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
9⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-63368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63368.exe
10⤵
PID:11632

C:\Users\Admin\AppData\Local\Temp\Unicorn-30738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30738.exe
11⤵
PID:13396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
10⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
9⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
8⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
7⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
6⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
7⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
8⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
9⤵
PID:11856

C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
10⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 220
9⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
8⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
7⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
6⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
5⤵
- Program crash
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
4⤵
- Program crash
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
2⤵
- Program crash
PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe

Filesize
184KB

MD5
f5c10449b856d771607ee73cfcf0faf8

SHA1
36e7530cbcd5cf144122e00002cee1bf322040e5

SHA256
db93067c2fbc57551160470c55b3c622267972c6bcae060fa04a7a2593be77b2

SHA512
6228dab18868dd56f6250171f905e9c34e70f479fd306ca86114acf391a88fbdd6c7b5888f6cc3b5864c906d212948edb26b5953956c780fd99f2569f706621b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe

Filesize
184KB

MD5
870191ebfd2966d1756339ec6e709e61

SHA1
244b23468664150b50036954c749d474badf68f9

SHA256
d080140454910a5ac068e02ac860956e3164a9140221f6f5d9339df8e8b61c95

SHA512
b7abd936e65c1c24b4e87138304f7441845f349008f8d70be67393bd08e0f4ecb9b4a5133a65013887103b871dc3bc6ffe410a65b5c8327ee8b58eabad102245

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe

Filesize
184KB

MD5
81c2783588055643e8b87e74e841114f

SHA1
7d1980caf5fa516799d9dede2aa53b0262ed6890

SHA256
08a14a3b7ce146ce474960cac874f88179113ef0b9709c7ccbde85901df5ab67

SHA512
25fd92d0180eefaea82f3cc31a539b8ca781e368b7f878638a5525530587b0c893dec42ed8e2af4ab07471d80fea7fdd3d33c5948d67a4fb3996398208e9a10a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe

Filesize
184KB

MD5
4275b54310ee24e24e57636adbbbba28

SHA1
715d25a82d445ba2f6b95f0f26fb3d54a2162155

SHA256
f8db45331dd3551d2f04b1972d22eab64b620835860afe8a1d53819fea35a215

SHA512
367774550d194e2abb2ee8f23f583e4beb2536ba493fd4b80f69eca76a05c93ad1f92c081f371b0a398fb051cab79b113adc5dbd08e7c3d5f0db79fa30de1cbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe

Filesize
184KB

MD5
1a21762090c026ac8c1f92d65cdfa829

SHA1
157302a976dec915dfeaa0ce8b9244859ded9fce

SHA256
cc469b9cdee28a19d0087f59ad79134936786653d96113698a56279e9ca7a60f

SHA512
73a85393442f35eb947bb4a875ef6f1b6d4553a4b8c085a7e7f44ba5b752a6a9575c234a570aed6b2ef791697849df392d1095ebf10d085d828c76e14e982a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe

Filesize
184KB

MD5
41b2dc6aaf752a660e67c0c22e46513e

SHA1
6aaf51ba307f5834d050d2b190a8b5650d0fe647

SHA256
4cca864a9a7f9ed059b4e0403f6f88db572607a43088fd0afffd926d2c3d737d

SHA512
5c1ea00d012ebb35c327ed8b7e985a3b1b2543d85a72d7c2d9cab3603ef64dd5120398077462e7ba72427646bb5834f83a72abf7059add79e0aee90484653132

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe

Filesize
184KB

MD5
2f7845ed57a52765d016b1a5e3ffca1b

SHA1
bfcfd8ae4cdb6629bd06af8f653e65f0a9c33efe

SHA256
aed96e870fa1b182ec9d96d1c5eb86f8bec1a49c6bb32a2ea9c2a8a6dea3cb0a

SHA512
be0438afa7bf136b8108c41324c97a2175004c94d75303f39f52250650713ad6639627c280a772c203618a48a2ef88ceb7efe66dbc5c9d09af3950a69486cb1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40271.exe

Filesize
184KB

MD5
5b19467195ac43978c1263c44873f7f7

SHA1
62ae39bc3b7dabedaf65f40b98fbac940a6b3b3c

SHA256
31af04fed3bd0e7616bf5149b0df5318122a8225f50aa0500b9cd6c604a7fad2

SHA512
24dccfd57c63784cb82ab9e32c5f6b3807afdf31b163e9e56764940cc498f43cd0a49cc8fb6647e7a0a6b8aaed0c9395c479ab1acb1be989f44cb6d2b73ec332

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40930.exe

Filesize
184KB

MD5
ecb0ce8d510cee58f70198cb81b032a3

SHA1
b9f56ae11bc7c3f1bac51c8ab0f0f741ff4e70ab

SHA256
0bd0bb87769278eab55247242295c31636ed31e1167644a8f54affc648475f81

SHA512
e535ec44b74296fff43a9bf49070c0d412688e3aa904189329b374e32fb14c068ac6a2546bcb76bc5131f71dd84e026ff52e093ff825e65ec983169f16fd4042

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe

Filesize
184KB

MD5
12d6f3b9a41cc8bc66e66ffe9066e036

SHA1
e51a9c48ff2ea3f7ceef1f487a573638d1219068

SHA256
b119ec104b9b43be6e8710c0c6cb09cf83d60f33d8bd7ee8fa0aecfbb50e2f89

SHA512
9a5bb5203ea6eef8f5315fda6bf17473952526e8d9913598f710d2233f39f72dade7125c3853c0b536ea2eac1507f364e9f8f990735fe4acb073d968abd1d5f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe

Filesize
184KB

MD5
c5a3227d9d69c2165df8433c53d8d2b9

SHA1
38a073efb9fd27c39488bb0c44d41c856cf0e00a

SHA256
ec5189977b878a31542b1b8a8e1cd2b076c70ff01a96db75eb609e185448f47e

SHA512
2a95d42ceab95995028357b25b9cb06fab1d693121519c1dba41794517c723cc0ce6ab9afe9eefcddce6246160ca908d7f1974afd1f0bf3e75101cbf01fefe55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe

Filesize
184KB

MD5
b200281d897693a8f1325916896026cb

SHA1
a13b6c7b4a35a62d5ae700667d14da9a6c15b9e5

SHA256
b7af17670a4c9ff532346d82ab0c580efda6ca80ebb9ca6e86417eb98c07bb72

SHA512
37b31cedf6940acc450cc43ef1fca195c83b936692aa9a5676553bb9f06792df770ce0d8b480c7bcbea303ea1f500ca1a13d9302c64bdb1830df55273d1494bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe

Filesize
184KB

MD5
55f105a7a983bea7b514a5781edac669

SHA1
ba7a4c425c6f82c91b52982d1b1f96deaa506c7b

SHA256
aed7151e2800e13e2e4a09f6cb349a27295cecc44f68bbd2e4e87d9232e9b0ec

SHA512
9dd3f3082234863efc4b990dfe6621f1dfb6563eac63773fab97120b86e9df4e6ce508baee91f3952432602db7837c993749b35d3539b93eb3dde77884bcd96d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe

Filesize
184KB

MD5
2f1b2ec31f8c59f83a340026550b629c

SHA1
36ae41fd8f885b74536682a164e447ab62a27f78

SHA256
25c0054cb0e07fc10237b80ace46c9b6b059bbab7b52aed85858f0dde425cfdc

SHA512
75d902765e9e897b128e2c63cbf5a27dc5b30237c4b75efffae42c1b0c19999502cdf0a4be3a8898281da70a89a80692d4ca0dc5d6ddf02f45d7b3c1916a62bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe

Filesize
184KB

MD5
0550d36465aaffd44c4271b88705dceb

SHA1
8b3cb9df7b491d2ab81ec7334b115d27b02cf3c5

SHA256
fbdcbe5b965df26f551d97bd2d8fc542373c341dee7e672ee534e701909232d5

SHA512
6cf42196a6a00f9870ec7fce426be8f798111830b569f676a96fae7285f436a3dd1d0b616417405b87eeded0ad053307e52e1f23e2bf0e03cd12d7d54401eb57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe

Filesize
184KB

MD5
d2f78300ee7caa346f0094f695c18384

SHA1
15a62abf1463994d275603c0f1720fe80c7afdd7

SHA256
de706e082e33bd7a138ce8708a1d3f1b7ccc988d342d2a6fb76f6d8a596d6489

SHA512
4a378cf4bea4bc50c7d3efd8ba8c454f85f1a2957f40422eedee638a3bda506746fb8eaa713d954d90a61a1b4272ab6a2d5f78cca5b62fea7026602ae6c43303

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe

Filesize
184KB

MD5
b4ebab7babcb18412e54c7d079e1de7a

SHA1
c04a8ab80d0d61a8d427daaa2faf7ac0cba0e63c

SHA256
1631cd7130a793123cb5f02ad620d1235bf307eae13858e2ddb21d56fe9d552c

SHA512
3f5f5aa9978e1e886ea548f01044376db80ebfa37fee4dfb506aa42ac763826cda89dbf26f186e9d0b432b7c6b2e72bf0a1049fb076af94222be329bf3d89a1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe

Filesize
184KB

MD5
3708d42e5c2ea1742094a555890001d0

SHA1
90c04031a9259c699bd7bd7141684d63ac3a7e4f

SHA256
6675b6fe476046b553f7faf3b20bd78f5de75ffdd1a3f17a5393af2852709e90

SHA512
093fc0e8b500e538b578280b3e83734a3625c82aa680310fb1e68ace58637f93e6e886cbf39107cf6c140e30ea9292e48bc0065377285f81a4572580df45a20c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe

Filesize
184KB

MD5
0ace3eb45ff4dbb31dff9dc508de8d96

SHA1
244514720956381372e6da3f2cd4401399b17d30

SHA256
795f99b58ed0999d16727a504358e76436df4b6b466e2397da51eff32b25821c

SHA512
874ec86ecdbfd44ca4bc9a7154b05b96e30c7b8dbeb079fe7a58b1952318db9650ae263b620da9ca9dcd0763cd949a5c0906f099a67245372f10b629f908c5a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe

Filesize
184KB

MD5
ed1e51eca24c9a72052c6f296862034a

SHA1
80761eb86990e0c1493badfae8d421ab203ee73f

SHA256
d4d7c502c24fd04a3a6de1866d6f6d201e234a5280c9d78ec44186255d41d74b

SHA512
4665c0ccb9716a01571b1e3562f9a2796a1570a6dd5491fcc43d8db16d46ad5a5251196467a5003f04644049a1690a27654022ab8e6eab34ca77b2370f4ca4f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe

Filesize
184KB

MD5
e42d4eae11f11290b9980742429efc50

SHA1
a519dada345967c414f9125a77d7359561dcbc21

SHA256
834f363ba0d7e19b888fd0d7ac95cbc9d4d292c967a3d384b2d3beca05f4919a

SHA512
7f59d0b1dbc90baec4f3966fd9e84939bc0de44bfc9099142e656408dcb181ec799d65808653dbfde0f259702e2005e5926b6f5fe26be5b7efcac8ef78ace7d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe

Filesize
184KB

MD5
99482971ba62cbed393dc872dad5112e

SHA1
4da28aeeeae7fb3a8ef386ecd59de6bfa05a7454

SHA256
1a6d8a28aa66c5d7c7f1de69d279382dfa5c3de893cf65454db54338784d8c5a

SHA512
4fd1939bf001fb544370704adfd30a9114d1e8d14cb55bb75eda0a7ab918077f863bd2b664f2d13a05793ed8296ed337c019dcfc377766b25c2dfbf3a0014919

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe

Filesize
184KB

MD5
6f9504ab07a0a82173061e0ce23e909c

SHA1
db6acf1c87ac9369a18e08248c2ff57704df3c39

SHA256
ce35c09d13170f26d715a7a84f00f4fb8326b8add7191319ff8dc8e051f913e7

SHA512
8b715f99a42a13be6eea7b13f862784b88c6b10d820fa560063b697b25233e0b7908dafd8535fe5b83ea77a62e1afb60d90b371a3990da33e7eef3f285e6bc9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe

Filesize
184KB

MD5
7f273573e75ac913612d69a04cc87899

SHA1
da0866faa3a76c66496a3d6feec7f9dcecff66b0

SHA256
f4da94b6984c681d52a09c37d4a8fd77a3921e9d9d637306a9e8d5b7a9879291

SHA512
9babb45593d2d806d57ee08f1992d12761d37629f0f95f6263b81a292f31d9a671a4043572fb0e887beb30c0bfdbc62f5cc0e506480eb9a481aa1d4c4db40af2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-998.exe

Filesize
184KB

MD5
1ed0203b80d2f2c2dfb29bdec7079644

SHA1
88fed9560859cf0322130ed6542899ee6e30b5d7

SHA256
8484f7589f33cccd21808510c1cbed02d0b9d323eca3420ee964a80726656e4d

SHA512
c511fc5dccfb4b6b021f7ed2c3002c8085e40e8567ae8f47a8eb9cf81d1af64ba1c5e08a17c58d412bd925786c40ce676bd1655939930748456843a5e9850ef0

Download Submit