27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe
Size

184KB
MD5

25e2750a457137710fee31e4ac676e71
SHA1

1bad85c72a00603418661b55718bf6776f2bc015
SHA256

27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc
SHA512

939b6fc60100acf3fa443baa4826c0435f6fff67da5e635f12edb5a26590722392e567e6f586d3793e1ff40ab70fda5a353e4cf33e00bc2fa2cdbf5b091a05cc
SSDEEP

1536:RBSa67ZlubNxotx1t0OHvwLe29yAZc8YmddjynR2VzSt5kl5hj5nizpvy:zSSbNxoT70OPie4peqynRKw5klnViFa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-37308.exeUnicorn-16456.exeUnicorn-36322.exeUnicorn-63047.exeUnicorn-63047.exeUnicorn-43181.exeUnicorn-53893.exeUnicorn-19083.exeUnicorn-64754.exeUnicorn-21775.exeUnicorn-6830.exeUnicorn-13003.exeUnicorn-13003.exeUnicorn-62759.exeUnicorn-17088.exeUnicorn-53221.exeUnicorn-7549.exeUnicorn-38276.exeUnicorn-22494.exeUnicorn-48665.exeUnicorn-32883.exeUnicorn-28053.exeUnicorn-58779.exeUnicorn-61472.exeUnicorn-46527.exeUnicorn-46527.exeUnicorn-30745.exeUnicorn-30745.exeUnicorn-50611.exeUnicorn-40305.exeUnicorn-44389.exeUnicorn-24523.exeUnicorn-39511.exeUnicorn-58540.exeUnicorn-43595.exeUnicorn-6646.exeUnicorn-25675.exeUnicorn-45541.exeUnicorn-44150.exeUnicorn-55655.exeUnicorn-55655.exeUnicorn-46418.exeUnicorn-34166.exeUnicorn-45027.exeUnicorn-14300.exeUnicorn-3439.exeUnicorn-41265.exeUnicorn-41265.exeUnicorn-42888.exeUnicorn-3994.exeUnicorn-53984.exeUnicorn-23812.exeUnicorn-43678.exeUnicorn-58623.exeUnicorn-12951.exeUnicorn-14897.exeUnicorn-45624.exeUnicorn-48317.exeUnicorn-33372.exeUnicorn-52401.exeUnicorn-6729.exeUnicorn-27704.exeUnicorn-59822.exeUnicorn-5146.exe

pid	process
2808	Unicorn-37308.exe
2056	Unicorn-16456.exe
2528	Unicorn-36322.exe
2416	Unicorn-63047.exe
2156	Unicorn-63047.exe
2284	Unicorn-43181.exe
356	Unicorn-53893.exe
2656	Unicorn-19083.exe
2624	Unicorn-64754.exe
1348	Unicorn-21775.exe
1516	Unicorn-6830.exe
2044	Unicorn-13003.exe
2040	Unicorn-13003.exe
1340	Unicorn-62759.exe
2336	Unicorn-17088.exe
1608	Unicorn-53221.exe
1996	Unicorn-7549.exe
2200	Unicorn-38276.exe
528	Unicorn-22494.exe
2340	Unicorn-48665.exe
2988	Unicorn-32883.exe
1196	Unicorn-28053.exe
1472	Unicorn-58779.exe
804	Unicorn-61472.exe
1892	Unicorn-46527.exe
240	Unicorn-46527.exe
1596	Unicorn-30745.exe
2960	Unicorn-30745.exe
916	Unicorn-50611.exe
2256	Unicorn-40305.exe
2132	Unicorn-44389.exe
1584	Unicorn-24523.exe
1716	Unicorn-39511.exe
2608	Unicorn-58540.exe
2588	Unicorn-43595.exe
2816	Unicorn-6646.exe
2424	Unicorn-25675.exe
2464	Unicorn-45541.exe
2936	Unicorn-44150.exe
2648	Unicorn-55655.exe
2564	Unicorn-55655.exe
2764	Unicorn-46418.exe
1728	Unicorn-34166.exe
2620	Unicorn-45027.exe
2268	Unicorn-14300.exe
2280	Unicorn-3439.exe
856	Unicorn-41265.exe
848	Unicorn-41265.exe
1212	Unicorn-42888.exe
1336	Unicorn-3994.exe
2616	Unicorn-53984.exe
1108	Unicorn-23812.exe
560	Unicorn-43678.exe
452	Unicorn-58623.exe
344	Unicorn-12951.exe
2232	Unicorn-14897.exe
2316	Unicorn-45624.exe
1864	Unicorn-48317.exe
3008	Unicorn-33372.exe
276	Unicorn-52401.exe
1888	Unicorn-6729.exe
2692	Unicorn-27704.exe
2520	Unicorn-59822.exe
2396	Unicorn-5146.exe

Loads dropped DLL 64 IoCs

Processes:

27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exeUnicorn-37308.exeUnicorn-16456.exeUnicorn-36322.exeWerFault.exeUnicorn-63047.exeUnicorn-63047.exeUnicorn-43181.exeWerFault.exeWerFault.exeUnicorn-64754.exeUnicorn-19083.exeUnicorn-53893.exeUnicorn-21775.exeUnicorn-6830.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe
1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe
1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe
2808	Unicorn-37308.exe
1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe
2808	Unicorn-37308.exe
2056	Unicorn-16456.exe
2528	Unicorn-36322.exe
2056	Unicorn-16456.exe
2528	Unicorn-36322.exe
2808	Unicorn-37308.exe
2808	Unicorn-37308.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2156	Unicorn-63047.exe
2416	Unicorn-63047.exe
2156	Unicorn-63047.exe
2416	Unicorn-63047.exe
2528	Unicorn-36322.exe
2528	Unicorn-36322.exe
2056	Unicorn-16456.exe
2056	Unicorn-16456.exe
2284	Unicorn-43181.exe
2284	Unicorn-43181.exe
1236	WerFault.exe
1236	WerFault.exe
1236	WerFault.exe
1236	WerFault.exe
1236	WerFault.exe
1240	WerFault.exe
1240	WerFault.exe
1240	WerFault.exe
1240	WerFault.exe
1240	WerFault.exe
2624	Unicorn-64754.exe
2656	Unicorn-19083.exe
2656	Unicorn-19083.exe
2624	Unicorn-64754.exe
2416	Unicorn-63047.exe
356	Unicorn-53893.exe
2416	Unicorn-63047.exe
356	Unicorn-53893.exe
1348	Unicorn-21775.exe
1348	Unicorn-21775.exe
2156	Unicorn-63047.exe
2156	Unicorn-63047.exe
1516	Unicorn-6830.exe
1516	Unicorn-6830.exe
2284	Unicorn-43181.exe
2284	Unicorn-43181.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1772	WerFault.exe
1096	WerFault.exe
1772	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
2976	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2688	1924	WerFault.exe	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe
2896	2808	WerFault.exe	Unicorn-37308.exe
1236	2056	WerFault.exe	Unicorn-16456.exe
1240	2528	WerFault.exe	Unicorn-36322.exe
1772	2156	WerFault.exe	Unicorn-63047.exe
1096	2416	WerFault.exe	Unicorn-63047.exe
2976	2284	WerFault.exe	Unicorn-43181.exe
2064	2624	WerFault.exe	Unicorn-64754.exe
2296	2656	WerFault.exe	Unicorn-19083.exe
320	356	WerFault.exe	Unicorn-53893.exe
2968	1348	WerFault.exe	Unicorn-21775.exe
2804	1516	WerFault.exe	Unicorn-6830.exe
2224	2044	WerFault.exe	Unicorn-13003.exe
1564	528	WerFault.exe	Unicorn-22494.exe
2844	2200	WerFault.exe	Unicorn-38276.exe
2364	2336	WerFault.exe	Unicorn-17088.exe
2108	2040	WerFault.exe	Unicorn-13003.exe
2352	1340	WerFault.exe	Unicorn-62759.exe
2956	1608	WerFault.exe	Unicorn-53221.exe
1452	1996	WerFault.exe	Unicorn-7549.exe
1224	2340	WerFault.exe	Unicorn-48665.exe
2472	2988	WerFault.exe	Unicorn-32883.exe
3024	1196	WerFault.exe	Unicorn-28053.exe
2536	1472	WerFault.exe	Unicorn-58779.exe
2660	240	WerFault.exe	Unicorn-46527.exe
1740	2256	WerFault.exe	Unicorn-40305.exe
2736	1596	WerFault.exe	Unicorn-30745.exe
1760	916	WerFault.exe	Unicorn-50611.exe
2272	1584	WerFault.exe	Unicorn-24523.exe
2024	2960	WerFault.exe	Unicorn-30745.exe
1352	804	WerFault.exe	Unicorn-61472.exe
2140	1892	WerFault.exe	Unicorn-46527.exe
2020	2132	WerFault.exe	Unicorn-44389.exe
3368	1716	WerFault.exe	Unicorn-39511.exe
3376	2608	WerFault.exe	Unicorn-58540.exe
3540	2424	WerFault.exe	Unicorn-25675.exe
3644	2648	WerFault.exe	Unicorn-55655.exe
3668	1728	WerFault.exe	Unicorn-34166.exe
3732	1336	WerFault.exe	Unicorn-3994.exe
3748	1212	WerFault.exe	Unicorn-42888.exe
3756	848	WerFault.exe	Unicorn-41265.exe
3836	2280	WerFault.exe	Unicorn-3439.exe
3244	2936	WerFault.exe	Unicorn-44150.exe
3268	2588	WerFault.exe	Unicorn-43595.exe
3288	2464	WerFault.exe	Unicorn-45541.exe
3308	2268	WerFault.exe	Unicorn-14300.exe
3428	560	WerFault.exe	Unicorn-43678.exe
3456	1108	WerFault.exe	Unicorn-23812.exe
3464	2816	WerFault.exe	Unicorn-6646.exe
3528	2564	WerFault.exe	Unicorn-55655.exe
3708	2616	WerFault.exe	Unicorn-53984.exe
3904	856	WerFault.exe	Unicorn-41265.exe
4028	2764	WerFault.exe	Unicorn-46418.exe
4080	2620	WerFault.exe	Unicorn-45027.exe
4056	2316	WerFault.exe	Unicorn-45624.exe
4068	452	WerFault.exe	Unicorn-58623.exe
4076	276	WerFault.exe	Unicorn-52401.exe
3212	344	WerFault.exe	Unicorn-12951.exe
3316	2640	WerFault.exe	Unicorn-23642.exe
3444	2232	WerFault.exe	Unicorn-14897.exe
3536	3008	WerFault.exe	Unicorn-33372.exe
3916	2680	WerFault.exe	Unicorn-16844.exe
3112	580	WerFault.exe	Unicorn-39978.exe
3208	1544	WerFault.exe	Unicorn-23642.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exeUnicorn-37308.exeUnicorn-16456.exeUnicorn-36322.exeUnicorn-63047.exeUnicorn-63047.exeUnicorn-43181.exeUnicorn-53893.exeUnicorn-19083.exeUnicorn-64754.exeUnicorn-21775.exeUnicorn-6830.exeUnicorn-13003.exeUnicorn-13003.exeUnicorn-17088.exeUnicorn-7549.exeUnicorn-53221.exeUnicorn-62759.exeUnicorn-38276.exeUnicorn-22494.exeUnicorn-48665.exeUnicorn-32883.exeUnicorn-28053.exeUnicorn-58779.exeUnicorn-46527.exeUnicorn-61472.exeUnicorn-46527.exeUnicorn-40305.exeUnicorn-50611.exeUnicorn-44389.exeUnicorn-30745.exeUnicorn-24523.exeUnicorn-30745.exeUnicorn-39511.exeUnicorn-58540.exeUnicorn-43595.exeUnicorn-6646.exeUnicorn-25675.exeUnicorn-45541.exeUnicorn-44150.exeUnicorn-55655.exeUnicorn-55655.exeUnicorn-46418.exeUnicorn-34166.exeUnicorn-14300.exeUnicorn-45027.exeUnicorn-3994.exeUnicorn-3439.exeUnicorn-41265.exeUnicorn-41265.exeUnicorn-42888.exeUnicorn-43678.exeUnicorn-53984.exeUnicorn-23812.exeUnicorn-12951.exeUnicorn-58623.exeUnicorn-14897.exeUnicorn-45624.exeUnicorn-48317.exeUnicorn-52401.exeUnicorn-33372.exeUnicorn-6729.exeUnicorn-27704.exeUnicorn-59822.exe

pid	process
1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe
2808	Unicorn-37308.exe
2056	Unicorn-16456.exe
2528	Unicorn-36322.exe
2416	Unicorn-63047.exe
2156	Unicorn-63047.exe
2284	Unicorn-43181.exe
356	Unicorn-53893.exe
2656	Unicorn-19083.exe
2624	Unicorn-64754.exe
1348	Unicorn-21775.exe
1516	Unicorn-6830.exe
2044	Unicorn-13003.exe
2040	Unicorn-13003.exe
2336	Unicorn-17088.exe
1996	Unicorn-7549.exe
1608	Unicorn-53221.exe
1340	Unicorn-62759.exe
2200	Unicorn-38276.exe
528	Unicorn-22494.exe
2340	Unicorn-48665.exe
2988	Unicorn-32883.exe
1196	Unicorn-28053.exe
1472	Unicorn-58779.exe
1892	Unicorn-46527.exe
804	Unicorn-61472.exe
240	Unicorn-46527.exe
2256	Unicorn-40305.exe
916	Unicorn-50611.exe
2132	Unicorn-44389.exe
2960	Unicorn-30745.exe
1584	Unicorn-24523.exe
1596	Unicorn-30745.exe
1716	Unicorn-39511.exe
2608	Unicorn-58540.exe
2588	Unicorn-43595.exe
2816	Unicorn-6646.exe
2424	Unicorn-25675.exe
2464	Unicorn-45541.exe
2936	Unicorn-44150.exe
2648	Unicorn-55655.exe
2564	Unicorn-55655.exe
2764	Unicorn-46418.exe
1728	Unicorn-34166.exe
2268	Unicorn-14300.exe
2620	Unicorn-45027.exe
1336	Unicorn-3994.exe
2280	Unicorn-3439.exe
856	Unicorn-41265.exe
848	Unicorn-41265.exe
1212	Unicorn-42888.exe
560	Unicorn-43678.exe
2616	Unicorn-53984.exe
1108	Unicorn-23812.exe
344	Unicorn-12951.exe
452	Unicorn-58623.exe
2232	Unicorn-14897.exe
2316	Unicorn-45624.exe
1864	Unicorn-48317.exe
276	Unicorn-52401.exe
3008	Unicorn-33372.exe
1888	Unicorn-6729.exe
2692	Unicorn-27704.exe
2520	Unicorn-59822.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exeUnicorn-37308.exeUnicorn-16456.exeUnicorn-36322.exeUnicorn-63047.exeUnicorn-63047.exeUnicorn-43181.exeUnicorn-19083.exe

description	pid	process	target process
PID 1924 wrote to memory of 2808	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	Unicorn-37308.exe
PID 1924 wrote to memory of 2808	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	Unicorn-37308.exe
PID 1924 wrote to memory of 2808	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	Unicorn-37308.exe
PID 1924 wrote to memory of 2808	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	Unicorn-37308.exe
PID 1924 wrote to memory of 2056	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	Unicorn-16456.exe
PID 1924 wrote to memory of 2056	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	Unicorn-16456.exe
PID 1924 wrote to memory of 2056	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	Unicorn-16456.exe
PID 1924 wrote to memory of 2056	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	Unicorn-16456.exe
PID 2808 wrote to memory of 2528	2808	Unicorn-37308.exe	Unicorn-36322.exe
PID 2808 wrote to memory of 2528	2808	Unicorn-37308.exe	Unicorn-36322.exe
PID 2808 wrote to memory of 2528	2808	Unicorn-37308.exe	Unicorn-36322.exe
PID 2808 wrote to memory of 2528	2808	Unicorn-37308.exe	Unicorn-36322.exe
PID 1924 wrote to memory of 2688	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	WerFault.exe
PID 1924 wrote to memory of 2688	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	WerFault.exe
PID 1924 wrote to memory of 2688	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	WerFault.exe
PID 1924 wrote to memory of 2688	1924	27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe	WerFault.exe
PID 2056 wrote to memory of 2416	2056	Unicorn-16456.exe	Unicorn-63047.exe
PID 2056 wrote to memory of 2416	2056	Unicorn-16456.exe	Unicorn-63047.exe
PID 2056 wrote to memory of 2416	2056	Unicorn-16456.exe	Unicorn-63047.exe
PID 2056 wrote to memory of 2416	2056	Unicorn-16456.exe	Unicorn-63047.exe
PID 2528 wrote to memory of 2156	2528	Unicorn-36322.exe	Unicorn-63047.exe
PID 2528 wrote to memory of 2156	2528	Unicorn-36322.exe	Unicorn-63047.exe
PID 2528 wrote to memory of 2156	2528	Unicorn-36322.exe	Unicorn-63047.exe
PID 2528 wrote to memory of 2156	2528	Unicorn-36322.exe	Unicorn-63047.exe
PID 2808 wrote to memory of 2284	2808	Unicorn-37308.exe	Unicorn-43181.exe
PID 2808 wrote to memory of 2284	2808	Unicorn-37308.exe	Unicorn-43181.exe
PID 2808 wrote to memory of 2284	2808	Unicorn-37308.exe	Unicorn-43181.exe
PID 2808 wrote to memory of 2284	2808	Unicorn-37308.exe	Unicorn-43181.exe
PID 2808 wrote to memory of 2896	2808	Unicorn-37308.exe	WerFault.exe
PID 2808 wrote to memory of 2896	2808	Unicorn-37308.exe	WerFault.exe
PID 2808 wrote to memory of 2896	2808	Unicorn-37308.exe	WerFault.exe
PID 2808 wrote to memory of 2896	2808	Unicorn-37308.exe	WerFault.exe
PID 2156 wrote to memory of 356	2156	Unicorn-63047.exe	Unicorn-53893.exe
PID 2156 wrote to memory of 356	2156	Unicorn-63047.exe	Unicorn-53893.exe
PID 2156 wrote to memory of 356	2156	Unicorn-63047.exe	Unicorn-53893.exe
PID 2156 wrote to memory of 356	2156	Unicorn-63047.exe	Unicorn-53893.exe
PID 2416 wrote to memory of 2656	2416	Unicorn-63047.exe	Unicorn-19083.exe
PID 2416 wrote to memory of 2656	2416	Unicorn-63047.exe	Unicorn-19083.exe
PID 2416 wrote to memory of 2656	2416	Unicorn-63047.exe	Unicorn-19083.exe
PID 2416 wrote to memory of 2656	2416	Unicorn-63047.exe	Unicorn-19083.exe
PID 2528 wrote to memory of 2624	2528	Unicorn-36322.exe	Unicorn-64754.exe
PID 2528 wrote to memory of 2624	2528	Unicorn-36322.exe	Unicorn-64754.exe
PID 2528 wrote to memory of 2624	2528	Unicorn-36322.exe	Unicorn-64754.exe
PID 2528 wrote to memory of 2624	2528	Unicorn-36322.exe	Unicorn-64754.exe
PID 2056 wrote to memory of 1348	2056	Unicorn-16456.exe	Unicorn-21775.exe
PID 2056 wrote to memory of 1348	2056	Unicorn-16456.exe	Unicorn-21775.exe
PID 2056 wrote to memory of 1348	2056	Unicorn-16456.exe	Unicorn-21775.exe
PID 2056 wrote to memory of 1348	2056	Unicorn-16456.exe	Unicorn-21775.exe
PID 2284 wrote to memory of 1516	2284	Unicorn-43181.exe	Unicorn-6830.exe
PID 2284 wrote to memory of 1516	2284	Unicorn-43181.exe	Unicorn-6830.exe
PID 2284 wrote to memory of 1516	2284	Unicorn-43181.exe	Unicorn-6830.exe
PID 2284 wrote to memory of 1516	2284	Unicorn-43181.exe	Unicorn-6830.exe
PID 2056 wrote to memory of 1236	2056	Unicorn-16456.exe	WerFault.exe
PID 2056 wrote to memory of 1236	2056	Unicorn-16456.exe	WerFault.exe
PID 2056 wrote to memory of 1236	2056	Unicorn-16456.exe	WerFault.exe
PID 2056 wrote to memory of 1236	2056	Unicorn-16456.exe	WerFault.exe
PID 2528 wrote to memory of 1240	2528	Unicorn-36322.exe	WerFault.exe
PID 2528 wrote to memory of 1240	2528	Unicorn-36322.exe	WerFault.exe
PID 2528 wrote to memory of 1240	2528	Unicorn-36322.exe	WerFault.exe
PID 2528 wrote to memory of 1240	2528	Unicorn-36322.exe	WerFault.exe
PID 2656 wrote to memory of 2044	2656	Unicorn-19083.exe	Unicorn-13003.exe
PID 2656 wrote to memory of 2044	2656	Unicorn-19083.exe	Unicorn-13003.exe
PID 2656 wrote to memory of 2044	2656	Unicorn-19083.exe	Unicorn-13003.exe
PID 2656 wrote to memory of 2044	2656	Unicorn-19083.exe	Unicorn-13003.exe

C:\Users\Admin\AppData\Local\Temp\27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe
"C:\Users\Admin\AppData\Local\Temp\27c844c6039b0d959630cd6f27487df9b479159efcb3808c2bc651d21a157bbc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
9⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
10⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
11⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
12⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
13⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
14⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
13⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
12⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
11⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
10⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
11⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
12⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
12⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
11⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
10⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
9⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
8⤵
- Program crash
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
8⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
9⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-39698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39698.exe
10⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
11⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
12⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
13⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
12⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
11⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
10⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
9⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
8⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
10⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
11⤵
PID:8392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 220
11⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
10⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 220
8⤵
- Program crash
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
7⤵
- Program crash
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-13335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13335.exe
8⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
10⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
11⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
12⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
13⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
14⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
13⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
12⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
11⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
11⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
12⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 220
12⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 220
11⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
10⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
11⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
12⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
13⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 236
13⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
10⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
9⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
8⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
7⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-30949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30949.exe
10⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
12⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
13⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 236
13⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 236
11⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
9⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
8⤵
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
7⤵
- Program crash
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
6⤵
- Program crash
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
8⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-10917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10917.exe
10⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
11⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
12⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
13⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
14⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
14⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 220
13⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
12⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 220
11⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
10⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-14321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14321.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
11⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
12⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
13⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 236
13⤵
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
11⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 236
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
9⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-38586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38586.exe
7⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe
8⤵
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
9⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-33471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33471.exe
10⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-26725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26725.exe
11⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
12⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 220
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 216
9⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 216
8⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 220
7⤵
- Program crash
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
6⤵
- Program crash
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
7⤵
- Executes dropped EXE
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe
8⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
9⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-14181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14181.exe
10⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
11⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
12⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
10⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
9⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
8⤵
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 216
7⤵
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
7⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
8⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
10⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
11⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 204
12⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 220
11⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 220
10⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
9⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
8⤵
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
7⤵
- Program crash
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
6⤵
- Program crash
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
8⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
9⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
10⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
11⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
12⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
13⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
11⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
10⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
9⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-22257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22257.exe
10⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 220
11⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
9⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 220
8⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
7⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
10⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
11⤵
PID:11288

C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11288 -s 216
12⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
11⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
10⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 216
8⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
7⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
6⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
7⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-30570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30570.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
9⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
10⤵
PID:8788

C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
11⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
12⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 216
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
10⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
9⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
8⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
7⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
8⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
9⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
10⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
11⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11204 -s 236
11⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
10⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
9⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
8⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
7⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
6⤵
- Program crash
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
5⤵
- Program crash
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-38276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38276.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-15905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15905.exe
9⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
10⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
11⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
12⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
13⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
13⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
12⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
11⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
10⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
9⤵
- Program crash
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
8⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16948.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
10⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
11⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 220
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
11⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
9⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
8⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
8⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
11⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
12⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
13⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
12⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
10⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 236
9⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
8⤵
- Program crash
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
7⤵
- Program crash
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-44150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44150.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-6729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6729.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
8⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54882.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
10⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
11⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
12⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
13⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
11⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
10⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
9⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-41032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41032.exe
10⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
11⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
12⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 236
10⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
9⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 220
8⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
7⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
9⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
10⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
11⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 220
11⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
10⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
9⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
8⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
7⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
6⤵
- Program crash
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
7⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-52661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52661.exe
8⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-59537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59537.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
11⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
12⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
11⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
10⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
9⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
10⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 220
11⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
10⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
9⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
8⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
9⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-3725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3725.exe
11⤵
PID:11248

C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
12⤵
PID:2856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
11⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
10⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
8⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
7⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
6⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
7⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
8⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-36595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36595.exe
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
10⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
11⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
12⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
11⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
10⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
9⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
8⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
7⤵
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
6⤵
- Program crash
PID:1352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
5⤵
- Program crash
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28053.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-6646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6646.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
8⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
11⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
12⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
11⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
8⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
7⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
8⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
10⤵
PID:8596

C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
11⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
10⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
9⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
8⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
7⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
7⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
10⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
11⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
12⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 216
12⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
11⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
10⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 216
8⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
7⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
8⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
9⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
10⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
11⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
10⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
9⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
8⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
7⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 220
6⤵
- Program crash
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
7⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
10⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
11⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 220
12⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
11⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
9⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
10⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
11⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
12⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 216
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
10⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 240
9⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
8⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
7⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
8⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-25687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25687.exe
9⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-12033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12033.exe
10⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
11⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 220
11⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
10⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
9⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
8⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
7⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
6⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
7⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
9⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
10⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
11⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 220
11⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
10⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
8⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
7⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
6⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 240
5⤵
- Program crash
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
9⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
11⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
12⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-32947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32947.exe
13⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
14⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 216
14⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 220
13⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
12⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
11⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
11⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
12⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-47052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47052.exe
13⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
14⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 236
14⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
13⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
12⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
11⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
10⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-16943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16943.exe
11⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
12⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
13⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
13⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 220
12⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
11⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
9⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
8⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
9⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
11⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
12⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
13⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
12⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
11⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
10⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
11⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
12⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
12⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 236
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
10⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
9⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
8⤵
- Program crash
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-35593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35593.exe
8⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
10⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
11⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
12⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-8157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8157.exe
13⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\Unicorn-12096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12096.exe
14⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 236
14⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
13⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
12⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
11⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
10⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-12033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12033.exe
11⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
12⤵
PID:11980

C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
13⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11980 -s 216
13⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
11⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
10⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
9⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-42770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42770.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
11⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
12⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 220
13⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
12⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
11⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
10⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
9⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
8⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
7⤵
- Program crash
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-58540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58540.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
8⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
11⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
12⤵
PID:8904

C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
13⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
13⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
12⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
11⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
10⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
9⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
11⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
12⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
13⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 236
13⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 216
12⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
11⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe
8⤵
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
8⤵
- Program crash
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
7⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-43855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43855.exe
11⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
12⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-20451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20451.exe
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
10⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 212
11⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
10⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
9⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
8⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
7⤵
- Program crash
PID:3376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
6⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
10⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-44192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44192.exe
11⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-26580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26580.exe
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 220
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
11⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
8⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-123.exe
7⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
8⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
9⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
10⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
11⤵
PID:11320

C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
12⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
11⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
10⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
9⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
8⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
7⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
7⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
9⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
10⤵
PID:8464

C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
11⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
11⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
10⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
9⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
8⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 216
7⤵
- Program crash
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
6⤵
- Program crash
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
5⤵
- Program crash
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-16844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16844.exe
7⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
8⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
10⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
11⤵
PID:8892

C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 216
12⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 236
11⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 216
9⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
8⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-8291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8291.exe
7⤵
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
8⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
9⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
10⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
11⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 236
10⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
9⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 216
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
7⤵
- Program crash
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
6⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-53491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53491.exe
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
9⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48458.exe
10⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
11⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
10⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
9⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
8⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
7⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
6⤵
- Program crash
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
6⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
7⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
8⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 220
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
8⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
7⤵
- Program crash
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
6⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-8862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8862.exe
7⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
8⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
9⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
10⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
10⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
9⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
8⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 216
7⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
6⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
5⤵
- Program crash
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7549.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
7⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
8⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
10⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
11⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
12⤵
PID:11492

C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
13⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11492 -s 216
13⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 220
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
9⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 216
8⤵
- Program crash
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
7⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
9⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
10⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
11⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 220
11⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
10⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 236
9⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 216
8⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
7⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
6⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
7⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
9⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-5920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5920.exe
10⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
11⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
12⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
11⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
10⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
9⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
7⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
8⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
9⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
10⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 220
10⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
9⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
8⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 220
7⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
6⤵
- Program crash
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42888.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
6⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
7⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
8⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
9⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-5920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5920.exe
10⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
11⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
11⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
10⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
9⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
8⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
7⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
8⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
9⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
10⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 204
10⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
9⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
8⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 236
6⤵
- Program crash
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
5⤵
- Program crash
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
6⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
7⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
8⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
9⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
10⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
11⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
11⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
10⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
9⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
8⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
7⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
8⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
9⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
10⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 220
10⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 220
9⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
8⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
7⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
6⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-24196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24196.exe
5⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
6⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-46579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46579.exe
7⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
8⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
9⤵
PID:11008

C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
10⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
9⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
8⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
7⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
6⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
5⤵
- Program crash
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
4⤵
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
2⤵
- Program crash
PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe

Filesize
184KB

MD5
d6a781c61e12863eaaf2feb83ce9398c

SHA1
1ecaaa3e1c272904ca48892c6c0f88392453d1c7

SHA256
df7cc59452c3ca17700ef904b23cdad29dcac78a00f84eca4fdd397024ab277c

SHA512
60cd17ff9451795feb7102a278f038fb712cbbde3f35df16eced0b40cf5ac1e3cfbf17ab1641a166b045c6a49edef9b105e6d575dcce76ce44d45631cab82686

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe

Filesize
184KB

MD5
274e708df725c9f0e178827afdaa2af8

SHA1
09f174834f483efc1e28df109e34d886257cdf97

SHA256
579f912181d5e061924d74445c9357d8c7ff487da593505fa5af080e159d30fa

SHA512
1225f81fe99557bac650c0304395df5bb17efa4ac43a65ecc154799dcb5ba9d3e0a631a590228b2f6dd255677606d684fe1f80689d5ee1be9da1bf11d55ff01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe

Filesize
184KB

MD5
97e9fb2d82363eb1e2211278ee7e73d7

SHA1
504dc2f960e9df4afc20f263207f1ad82823248b

SHA256
f1e62910fa647872f4378f8bd42cf4afa553c7e6684d01373f7630511d8d46e0

SHA512
14473f9e191015657e70661a40347f1c0ab362389fedd0015ee195174b91c17c2cc12b0a830cf277d50ee6321a7da694fd198b5e385f1b42661311f92df88dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe

Filesize
184KB

MD5
c96bd3ed6acb5988dae8743f703a7242

SHA1
60a93497f372f9591f7ab64e4d0e72436da9ed94

SHA256
771193a90c35c98f3f73246ec6a1a66055907c317116aebc3f24c8df4da08083

SHA512
32fa5623ea5ebda1f391fe63be9aed31e7f9a4986a6ce2be5a2476e00ca472c9eda47805b4651e013eac3552dcca19553055f0e1c25e61613ef3f2ccbff59d01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe

Filesize
184KB

MD5
1ba1ee72d2635bd9cd774f398076af1c

SHA1
3caa3a41f85342540645cbc06d3c52fe00433c24

SHA256
b98483edb113c12101fcdd2ba54c99791f171e767aba0ca58114286d20a95044

SHA512
7900e5022b28c766f923f68ad2d241cbe66177cc6de64b88edfba8c49edb63bec6481a56d8e9fa7ce04659ca3f231379f8b40dd6507a79d2a65cabbeb9965373

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6646.exe

Filesize
184KB

MD5
217ed2daaffca3537cc7bc7c9a0515be

SHA1
849ebcba88b8386ade81ae2fa2252ba2035c6eea

SHA256
2c893f3891922f802d93e1ddab22bc6239788d609904b910062824ce17be5ed7

SHA512
07fe2368cbb209e331db577d65b0164aa456d2a477564c55952dfe3b7ba36ed579a121a2d1602f46999f74781057b2b1271a92d0f894c57c282714aa7e218096

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe

Filesize
184KB

MD5
a68ba6096b23d4c32a1273a3a78311c6

SHA1
d8de67f72368e6cec9a8d91f9e0e88efe1017772

SHA256
8593dbaece26ab051f9b285351c6b64308cc003a4e1c7fbdd0493385dc212e43

SHA512
bcf689e2bf471245923ee31ef891a638ace97e1a65daa94f562a108797b2a20361681197f72f7b466a22ebcc3693b6dd9ee7209fdfd99c7fb70908a226ca3c92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe

Filesize
184KB

MD5
c058f4ada20b02f865460e2582b4cc2f

SHA1
c002bc9e8a28d3cb2260b260f8a5a1872a2e3d6e

SHA256
fd26d196722f1a46acae0e87ad4e9da914049ba4b6574d80f53691554249b7dd

SHA512
9413481263bfe9398dd5750cb3c6a613c07e8e83a1b844bfc32e7ebc3363ea15417009832dbd1afd300071118ba70408cad64b8fdbf1478dc61d73ec14e3f62d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe

Filesize
184KB

MD5
13eeed2262c9d862a8807817b1daa11a

SHA1
566db5d7d3009449fa39979dcedbbae94e2a0058

SHA256
d5bf4017ec8d66065df841d1bcb8d01b9aa061de151d3277ca01b462a7de9aea

SHA512
3c64ecc6f1b32c9c7c43e8ba55c94d6e3fd12bde808c9bc0efc68c17659bf1434fba913bb7213fa7ae75f6a40c1ebc030a13af37202c9bf03d77d5b4278e6333

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe

Filesize
184KB

MD5
70f53aa94cb21dd276267a78a894b2dd

SHA1
51f1551b9b6d4eec9900e3d7cf88af63da437180

SHA256
050a8bb3e7f48f061b40caf4085c867483ff772aba3ab7df8d47703586cedc91

SHA512
42389cde48cb88964a9b81928332a7df764e214bda4afe33da71c72f7710a725b1b3ea3431dc85fecdaf15697775f778495b9f25eec0aedec7a4672c88543d0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe

Filesize
184KB

MD5
6a7f63536f6ad60c24de8183515e2794

SHA1
5142a48fb949f7621f9870a7a8810a76305db363

SHA256
73088e63c5501f05d442c3265284e6126c9499a995bc24b89ec76cf48dadc586

SHA512
7fe41fcc24f7e9ce0752e66625f58fe0a0ac296754b5340abfefba4bd57fe9a4f36d57ce06cb953e00792c8dad105d5e69082222bd136cc80ace1576ca9b03cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe

Filesize
184KB

MD5
0d067ab9b73826e9175963233a64ba6a

SHA1
2f935729eb0c6d5f5d49eada33a12c31e36dfeef

SHA256
541148df95c4728adb5c1e9eca8f2f1a42820a64945f38427f88c82d13c5d96b

SHA512
106a3be2fdd56a94aa59a8a245c906a1b6dc19782c9a0facd7839e5051daa9cb1c2a06984abb7c0bd48d08627169e5a2e52d50114dd4d36f440d96eacbd083c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe

Filesize
184KB

MD5
64dfaf04eb9afddcb3c57ae0e7e1e752

SHA1
685516375ee5243ba8a766389a9ed6a746c502c5

SHA256
5e95a9f739bf83c2cd2867231db4c5cde1c11cabff991cba95147d12fd2a7fac

SHA512
2caa3e654e57529647bf1f02c8c368c9411225dcabe9118f629210645576ec164076a3ecef9ceccd81835a1b7a648988097ed7a596ba6fb79b7dc183f249abe5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe

Filesize
184KB

MD5
fd3c228c344dec819dd037ab8f4ae0ab

SHA1
8f8819674345f15d8455e3d8d354e3a875597c56

SHA256
3a388bce5ed949f270abe76d5cb6a8bbea33d5059d3fb02a86b91a028e84bf84

SHA512
ca05f8733e6af59a90c6236ea824475f3e24c24aeee6bf90e275a91929210ca282a848116606c415770d449797b886f43e04f234e54e0d7c11c34b5488b11503

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe

Filesize
184KB

MD5
993d2f6b07b46951c4bd86b87d27b219

SHA1
b72500705586b314252372e008d0fa555b7f02cc

SHA256
fb40169fc87afee83d63d59d9b4154f75f4b6c31749f65d01798aa7917247afb

SHA512
794e4584f69e314e1bb2bf732dd9aaae758ed1845c9761dcd2a540ef418dd0fa18bc25bd0481bde760bfbf6d9f7def00ccd8231a64d6c701a4d5f7091b40161c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe

Filesize
184KB

MD5
0e4c0dca8c0a5952051eddbd49adda69

SHA1
2076368193d0f67b1d240329af7762a8c40016b8

SHA256
bf6d81d5271fb27b68d2c0c86d49b706565591c5bab06ef4b8b6be2568b43300

SHA512
5265c2b98fbee13e17a9577ab5661a3095bc36897c13195d260d6d461468717298a6c438814d0238344f544183ad9153f81eebd95e2e9514a7e6585fa9ac6cdb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe

Filesize
184KB

MD5
00ed649bea1a0eccff9f6ff65e05f3e5

SHA1
e313bad0c9222c33a86fa1ed975d82fc5b4b1366

SHA256
35644736aeea72073937ce67c70d91d1e304426fb5f872a12b016347005a05d9

SHA512
42579947acf3bc3c4127e67c9ff53977fac0849f430973b38bd0be667c275e38d46a327b845f24ba72d423152b61a865bd20a3cf0faad96b4c795e643999d4be

Download Submit