9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe
Size

184KB
MD5

f6e58206d380106a2dd94275b33f8d2b
SHA1

cef35e439de122ca83c3136fac979188a97e8968
SHA256

9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848
SHA512

4ec452fb1bbfb860abe667cde02a7380049d13a9d1f91e4d7f372e0661068488e7668d746c4a7f2e30f040e367b635c4b63a384a378752b753ce4590e7c476eb
SSDEEP

3072:Vl16cxoz5aFLZ7E6eDoLRTCPhlnniF3n3:VldoCF7E6LFCPhlnniF3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-35455.exeUnicorn-48202.exeUnicorn-46126.exeUnicorn-64605.exeUnicorn-11237.exeUnicorn-56909.exeUnicorn-32677.exeUnicorn-46382.exeUnicorn-26516.exeUnicorn-56491.exeUnicorn-36625.exeUnicorn-10185.exeUnicorn-33215.exeUnicorn-47300.exeUnicorn-4793.exeUnicorn-53831.exeUnicorn-36810.exeUnicorn-14168.exeUnicorn-50987.exeUnicorn-42782.exeUnicorn-8443.exeUnicorn-28309.exeUnicorn-19093.exeUnicorn-36114.exeUnicorn-33793.exeUnicorn-57577.exeUnicorn-57577.exeUnicorn-24577.exeUnicorn-44443.exeUnicorn-2917.exeUnicorn-58620.exeUnicorn-7877.exeUnicorn-22054.exeUnicorn-33350.exeUnicorn-33350.exeUnicorn-33821.exeUnicorn-28201.exeUnicorn-48067.exeUnicorn-22717.exeUnicorn-16556.exeUnicorn-25265.exeUnicorn-50091.exeUnicorn-63796.exeUnicorn-64792.exeUnicorn-64792.exeUnicorn-29230.exeUnicorn-41399.exeUnicorn-43406.exeUnicorn-63272.exeUnicorn-9904.exeUnicorn-11912.exeUnicorn-50827.exeUnicorn-25725.exeUnicorn-17631.exeUnicorn-22608.exeUnicorn-44481.exeUnicorn-11434.exeUnicorn-31300.exeUnicorn-25139.exeUnicorn-65342.exeUnicorn-5814.exeUnicorn-54852.exeUnicorn-54852.exeUnicorn-54852.exe

pid	process
2204	Unicorn-35455.exe
2700	Unicorn-48202.exe
2328	Unicorn-46126.exe
2648	Unicorn-64605.exe
2632	Unicorn-11237.exe
2688	Unicorn-56909.exe
2528	Unicorn-32677.exe
3056	Unicorn-46382.exe
2992	Unicorn-26516.exe
2760	Unicorn-56491.exe
764	Unicorn-36625.exe
1808	Unicorn-10185.exe
828	Unicorn-33215.exe
2244	Unicorn-47300.exe
1680	Unicorn-4793.exe
2100	Unicorn-53831.exe
532	Unicorn-36810.exe
612	Unicorn-14168.exe
576	Unicorn-50987.exe
1620	Unicorn-42782.exe
1512	Unicorn-8443.exe
1672	Unicorn-28309.exe
2360	Unicorn-19093.exe
2036	Unicorn-36114.exe
2088	Unicorn-33793.exe
2964	Unicorn-57577.exe
2884	Unicorn-57577.exe
2228	Unicorn-24577.exe
1144	Unicorn-44443.exe
2408	Unicorn-2917.exe
2596	Unicorn-58620.exe
1632	Unicorn-7877.exe
804	Unicorn-22054.exe
2664	Unicorn-33350.exe
2704	Unicorn-33350.exe
2912	Unicorn-33821.exe
2792	Unicorn-28201.exe
2508	Unicorn-48067.exe
2744	Unicorn-22717.exe
2436	Unicorn-16556.exe
2300	Unicorn-25265.exe
1552	Unicorn-50091.exe
1300	Unicorn-63796.exe
2320	Unicorn-64792.exe
1320	Unicorn-64792.exe
2616	Unicorn-29230.exe
2868	Unicorn-41399.exe
2064	Unicorn-43406.exe
1492	Unicorn-63272.exe
1032	Unicorn-9904.exe
2832	Unicorn-11912.exe
2928	Unicorn-50827.exe
1596	Unicorn-25725.exe
552	Unicorn-17631.exe
3064	Unicorn-22608.exe
1744	Unicorn-44481.exe
1780	Unicorn-11434.exe
2020	Unicorn-31300.exe
796	Unicorn-25139.exe
1772	Unicorn-65342.exe
2656	Unicorn-5814.exe
1684	Unicorn-54852.exe
2784	Unicorn-54852.exe
1216	Unicorn-54852.exe

Loads dropped DLL 64 IoCs

Processes:

9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exeUnicorn-35455.exeUnicorn-48202.exeUnicorn-46126.exeWerFault.exeUnicorn-11237.exeUnicorn-64605.exeUnicorn-56909.exeWerFault.exeWerFault.exeUnicorn-32677.exeUnicorn-46382.exeUnicorn-26516.exeUnicorn-36625.exeUnicorn-56491.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe
2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe
2204	Unicorn-35455.exe
2204	Unicorn-35455.exe
2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe
2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe
2700	Unicorn-48202.exe
2328	Unicorn-46126.exe
2700	Unicorn-48202.exe
2328	Unicorn-46126.exe
2204	Unicorn-35455.exe
2204	Unicorn-35455.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2632	Unicorn-11237.exe
2328	Unicorn-46126.exe
2632	Unicorn-11237.exe
2648	Unicorn-64605.exe
2328	Unicorn-46126.exe
2648	Unicorn-64605.exe
2688	Unicorn-56909.exe
2688	Unicorn-56909.exe
2700	Unicorn-48202.exe
2700	Unicorn-48202.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2840	WerFault.exe
2528	Unicorn-32677.exe
2528	Unicorn-32677.exe
2632	Unicorn-11237.exe
2632	Unicorn-11237.exe
3056	Unicorn-46382.exe
3056	Unicorn-46382.exe
2648	Unicorn-64605.exe
2648	Unicorn-64605.exe
2992	Unicorn-26516.exe
2992	Unicorn-26516.exe
764	Unicorn-36625.exe
764	Unicorn-36625.exe
2760	Unicorn-56491.exe
2760	Unicorn-56491.exe
2688	Unicorn-56909.exe
2688	Unicorn-56909.exe
1096	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
844	WerFault.exe
844	WerFault.exe
844	WerFault.exe
844	WerFault.exe
844	WerFault.exe
1656	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2740	2184	WerFault.exe	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe
2592	2204	WerFault.exe	Unicorn-35455.exe
2840	2700	WerFault.exe	Unicorn-48202.exe
2876	2328	WerFault.exe	Unicorn-46126.exe
1096	2632	WerFault.exe	Unicorn-11237.exe
844	2648	WerFault.exe	Unicorn-64605.exe
1656	2688	WerFault.exe	Unicorn-56909.exe
1528	2528	WerFault.exe	Unicorn-32677.exe
372	3056	WerFault.exe	Unicorn-46382.exe
1776	2992	WerFault.exe	Unicorn-26516.exe
2724	764	WerFault.exe	Unicorn-36625.exe
2248	2760	WerFault.exe	Unicorn-56491.exe
2692	1808	WerFault.exe	Unicorn-10185.exe
1676	828	WerFault.exe	Unicorn-33215.exe
1848	1680	WerFault.exe	Unicorn-4793.exe
2352	2244	WerFault.exe	Unicorn-47300.exe
1336	612	WerFault.exe	Unicorn-14168.exe
2908	2100	WerFault.exe	Unicorn-53831.exe
2284	576	WerFault.exe	Unicorn-50987.exe
2936	532	WerFault.exe	Unicorn-36810.exe
980	1620	WerFault.exe	Unicorn-42782.exe
464	1672	WerFault.exe	Unicorn-28309.exe
1228	1512	WerFault.exe	Unicorn-8443.exe
876	2360	WerFault.exe	Unicorn-19093.exe
1600	2036	WerFault.exe	Unicorn-36114.exe
1644	2088	WerFault.exe	Unicorn-33793.exe
2536	2964	WerFault.exe	Unicorn-57577.exe
2896	2884	WerFault.exe	Unicorn-57577.exe
1588	1144	WerFault.exe	Unicorn-44443.exe
2104	2228	WerFault.exe	Unicorn-24577.exe
2304	2596	WerFault.exe	Unicorn-58620.exe
2988	2408	WerFault.exe	Unicorn-2917.exe
3212	1632	WerFault.exe	Unicorn-7877.exe
3372	804	WerFault.exe	Unicorn-22054.exe
3444	2744	WerFault.exe	Unicorn-22717.exe
3452	2704	WerFault.exe	Unicorn-33350.exe
3512	2792	WerFault.exe	Unicorn-28201.exe
3556	2436	WerFault.exe	Unicorn-16556.exe
3568	1032	WerFault.exe	Unicorn-9904.exe
3660	1552	WerFault.exe	Unicorn-50091.exe
3696	2300	WerFault.exe	Unicorn-25265.exe
3816	2508	WerFault.exe	Unicorn-48067.exe
3828	2868	WerFault.exe	Unicorn-41399.exe
3884	1492	WerFault.exe	Unicorn-63272.exe
3988	2064	WerFault.exe	Unicorn-43406.exe
3124	2616	WerFault.exe	Unicorn-29230.exe
3144	1320	WerFault.exe	Unicorn-64792.exe
3256	1300	WerFault.exe	Unicorn-63796.exe
3268	2832	WerFault.exe	Unicorn-11912.exe
3392	2320	WerFault.exe	Unicorn-64792.exe
3476	2912	WerFault.exe	Unicorn-33821.exe
3364	2432	WerFault.exe	Unicorn-51702.exe
3860	1248	WerFault.exe	Unicorn-6030.exe
4012	2664	WerFault.exe	Unicorn-33350.exe
3240	3064	WerFault.exe	Unicorn-22608.exe
3424	2140	WerFault.exe	Unicorn-45755.exe
3396	1684	WerFault.exe	Unicorn-54852.exe
3644	1428	WerFault.exe	Unicorn-20269.exe
3668	1216	WerFault.exe	Unicorn-54852.exe
3744	2836	WerFault.exe	Unicorn-22834.exe
3756	2784	WerFault.exe	Unicorn-54852.exe
3972	2656	WerFault.exe	Unicorn-5814.exe
4008	1532	WerFault.exe	Unicorn-57924.exe
3976	1516	WerFault.exe	Unicorn-5044.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exeUnicorn-35455.exeUnicorn-48202.exeUnicorn-46126.exeUnicorn-64605.exeUnicorn-11237.exeUnicorn-56909.exeUnicorn-32677.exeUnicorn-26516.exeUnicorn-36625.exeUnicorn-46382.exeUnicorn-56491.exeUnicorn-10185.exeUnicorn-33215.exeUnicorn-47300.exeUnicorn-4793.exeUnicorn-53831.exeUnicorn-36810.exeUnicorn-50987.exeUnicorn-14168.exeUnicorn-42782.exeUnicorn-28309.exeUnicorn-8443.exeUnicorn-19093.exeUnicorn-36114.exeUnicorn-33793.exeUnicorn-57577.exeUnicorn-57577.exeUnicorn-24577.exeUnicorn-44443.exeUnicorn-58620.exeUnicorn-2917.exeUnicorn-7877.exeUnicorn-22054.exeUnicorn-33350.exeUnicorn-33350.exeUnicorn-33821.exeUnicorn-48067.exeUnicorn-28201.exeUnicorn-22717.exeUnicorn-16556.exeUnicorn-25265.exeUnicorn-50091.exeUnicorn-63796.exeUnicorn-64792.exeUnicorn-64792.exeUnicorn-29230.exeUnicorn-43406.exeUnicorn-41399.exeUnicorn-63272.exeUnicorn-9904.exeUnicorn-11912.exeUnicorn-50827.exeUnicorn-25725.exeUnicorn-17631.exeUnicorn-44481.exeUnicorn-22608.exeUnicorn-11434.exeUnicorn-31300.exeUnicorn-65342.exeUnicorn-25139.exeUnicorn-5814.exeUnicorn-54852.exeUnicorn-54852.exe

pid	process
2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe
2204	Unicorn-35455.exe
2700	Unicorn-48202.exe
2328	Unicorn-46126.exe
2648	Unicorn-64605.exe
2632	Unicorn-11237.exe
2688	Unicorn-56909.exe
2528	Unicorn-32677.exe
2992	Unicorn-26516.exe
764	Unicorn-36625.exe
3056	Unicorn-46382.exe
2760	Unicorn-56491.exe
1808	Unicorn-10185.exe
828	Unicorn-33215.exe
2244	Unicorn-47300.exe
1680	Unicorn-4793.exe
2100	Unicorn-53831.exe
532	Unicorn-36810.exe
576	Unicorn-50987.exe
612	Unicorn-14168.exe
1620	Unicorn-42782.exe
1672	Unicorn-28309.exe
1512	Unicorn-8443.exe
2360	Unicorn-19093.exe
2036	Unicorn-36114.exe
2088	Unicorn-33793.exe
2884	Unicorn-57577.exe
2964	Unicorn-57577.exe
2228	Unicorn-24577.exe
1144	Unicorn-44443.exe
2596	Unicorn-58620.exe
2408	Unicorn-2917.exe
1632	Unicorn-7877.exe
804	Unicorn-22054.exe
2664	Unicorn-33350.exe
2704	Unicorn-33350.exe
2912	Unicorn-33821.exe
2508	Unicorn-48067.exe
2792	Unicorn-28201.exe
2744	Unicorn-22717.exe
2436	Unicorn-16556.exe
2300	Unicorn-25265.exe
1552	Unicorn-50091.exe
1300	Unicorn-63796.exe
1320	Unicorn-64792.exe
2320	Unicorn-64792.exe
2616	Unicorn-29230.exe
2064	Unicorn-43406.exe
2868	Unicorn-41399.exe
1492	Unicorn-63272.exe
1032	Unicorn-9904.exe
2832	Unicorn-11912.exe
2928	Unicorn-50827.exe
1596	Unicorn-25725.exe
552	Unicorn-17631.exe
1744	Unicorn-44481.exe
3064	Unicorn-22608.exe
1780	Unicorn-11434.exe
2020	Unicorn-31300.exe
1772	Unicorn-65342.exe
796	Unicorn-25139.exe
2656	Unicorn-5814.exe
2784	Unicorn-54852.exe
1684	Unicorn-54852.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exeUnicorn-35455.exeUnicorn-48202.exeUnicorn-46126.exeUnicorn-11237.exeUnicorn-64605.exeUnicorn-56909.exeUnicorn-32677.exe

description	pid	process	target process
PID 2184 wrote to memory of 2204	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	Unicorn-35455.exe
PID 2184 wrote to memory of 2204	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	Unicorn-35455.exe
PID 2184 wrote to memory of 2204	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	Unicorn-35455.exe
PID 2184 wrote to memory of 2204	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	Unicorn-35455.exe
PID 2204 wrote to memory of 2700	2204	Unicorn-35455.exe	Unicorn-48202.exe
PID 2204 wrote to memory of 2700	2204	Unicorn-35455.exe	Unicorn-48202.exe
PID 2204 wrote to memory of 2700	2204	Unicorn-35455.exe	Unicorn-48202.exe
PID 2204 wrote to memory of 2700	2204	Unicorn-35455.exe	Unicorn-48202.exe
PID 2184 wrote to memory of 2328	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	Unicorn-46126.exe
PID 2184 wrote to memory of 2328	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	Unicorn-46126.exe
PID 2184 wrote to memory of 2328	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	Unicorn-46126.exe
PID 2184 wrote to memory of 2328	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	Unicorn-46126.exe
PID 2184 wrote to memory of 2740	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	WerFault.exe
PID 2184 wrote to memory of 2740	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	WerFault.exe
PID 2184 wrote to memory of 2740	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	WerFault.exe
PID 2184 wrote to memory of 2740	2184	9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe	WerFault.exe
PID 2700 wrote to memory of 2648	2700	Unicorn-48202.exe	Unicorn-64605.exe
PID 2700 wrote to memory of 2648	2700	Unicorn-48202.exe	Unicorn-64605.exe
PID 2700 wrote to memory of 2648	2700	Unicorn-48202.exe	Unicorn-64605.exe
PID 2700 wrote to memory of 2648	2700	Unicorn-48202.exe	Unicorn-64605.exe
PID 2328 wrote to memory of 2632	2328	Unicorn-46126.exe	Unicorn-11237.exe
PID 2328 wrote to memory of 2632	2328	Unicorn-46126.exe	Unicorn-11237.exe
PID 2328 wrote to memory of 2632	2328	Unicorn-46126.exe	Unicorn-11237.exe
PID 2328 wrote to memory of 2632	2328	Unicorn-46126.exe	Unicorn-11237.exe
PID 2204 wrote to memory of 2688	2204	Unicorn-35455.exe	Unicorn-56909.exe
PID 2204 wrote to memory of 2688	2204	Unicorn-35455.exe	Unicorn-56909.exe
PID 2204 wrote to memory of 2688	2204	Unicorn-35455.exe	Unicorn-56909.exe
PID 2204 wrote to memory of 2688	2204	Unicorn-35455.exe	Unicorn-56909.exe
PID 2204 wrote to memory of 2592	2204	Unicorn-35455.exe	WerFault.exe
PID 2204 wrote to memory of 2592	2204	Unicorn-35455.exe	WerFault.exe
PID 2204 wrote to memory of 2592	2204	Unicorn-35455.exe	WerFault.exe
PID 2204 wrote to memory of 2592	2204	Unicorn-35455.exe	WerFault.exe
PID 2632 wrote to memory of 2528	2632	Unicorn-11237.exe	Unicorn-32677.exe
PID 2632 wrote to memory of 2528	2632	Unicorn-11237.exe	Unicorn-32677.exe
PID 2632 wrote to memory of 2528	2632	Unicorn-11237.exe	Unicorn-32677.exe
PID 2632 wrote to memory of 2528	2632	Unicorn-11237.exe	Unicorn-32677.exe
PID 2328 wrote to memory of 2992	2328	Unicorn-46126.exe	Unicorn-26516.exe
PID 2328 wrote to memory of 2992	2328	Unicorn-46126.exe	Unicorn-26516.exe
PID 2328 wrote to memory of 2992	2328	Unicorn-46126.exe	Unicorn-26516.exe
PID 2328 wrote to memory of 2992	2328	Unicorn-46126.exe	Unicorn-26516.exe
PID 2648 wrote to memory of 3056	2648	Unicorn-64605.exe	Unicorn-46382.exe
PID 2648 wrote to memory of 3056	2648	Unicorn-64605.exe	Unicorn-46382.exe
PID 2648 wrote to memory of 3056	2648	Unicorn-64605.exe	Unicorn-46382.exe
PID 2648 wrote to memory of 3056	2648	Unicorn-64605.exe	Unicorn-46382.exe
PID 2688 wrote to memory of 2760	2688	Unicorn-56909.exe	Unicorn-56491.exe
PID 2688 wrote to memory of 2760	2688	Unicorn-56909.exe	Unicorn-56491.exe
PID 2688 wrote to memory of 2760	2688	Unicorn-56909.exe	Unicorn-56491.exe
PID 2688 wrote to memory of 2760	2688	Unicorn-56909.exe	Unicorn-56491.exe
PID 2700 wrote to memory of 764	2700	Unicorn-48202.exe	Unicorn-36625.exe
PID 2700 wrote to memory of 764	2700	Unicorn-48202.exe	Unicorn-36625.exe
PID 2700 wrote to memory of 764	2700	Unicorn-48202.exe	Unicorn-36625.exe
PID 2700 wrote to memory of 764	2700	Unicorn-48202.exe	Unicorn-36625.exe
PID 2700 wrote to memory of 2840	2700	Unicorn-48202.exe	WerFault.exe
PID 2700 wrote to memory of 2840	2700	Unicorn-48202.exe	WerFault.exe
PID 2700 wrote to memory of 2840	2700	Unicorn-48202.exe	WerFault.exe
PID 2700 wrote to memory of 2840	2700	Unicorn-48202.exe	WerFault.exe
PID 2328 wrote to memory of 2876	2328	Unicorn-46126.exe	WerFault.exe
PID 2328 wrote to memory of 2876	2328	Unicorn-46126.exe	WerFault.exe
PID 2328 wrote to memory of 2876	2328	Unicorn-46126.exe	WerFault.exe
PID 2328 wrote to memory of 2876	2328	Unicorn-46126.exe	WerFault.exe
PID 2528 wrote to memory of 1808	2528	Unicorn-32677.exe	Unicorn-10185.exe
PID 2528 wrote to memory of 1808	2528	Unicorn-32677.exe	Unicorn-10185.exe
PID 2528 wrote to memory of 1808	2528	Unicorn-32677.exe	Unicorn-10185.exe
PID 2528 wrote to memory of 1808	2528	Unicorn-32677.exe	Unicorn-10185.exe

C:\Users\Admin\AppData\Local\Temp\9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe
"C:\Users\Admin\AppData\Local\Temp\9215a2bd110bc3cf1e6a7216185bf11b4be849a08d4c4f9eb90c6af8710d4848.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-48202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48202.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-36114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36114.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
10⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
11⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
12⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
13⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
14⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
15⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
14⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
13⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
12⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
11⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
10⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
9⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
10⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
11⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
12⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-19983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19983.exe
13⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
14⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 236
14⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
13⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
12⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
11⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
10⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
9⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe
9⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
10⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
11⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
12⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
13⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
14⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
14⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
13⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
12⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
11⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
10⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
9⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-15687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15687.exe
10⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
11⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
12⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
13⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
13⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
12⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
11⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
10⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
9⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
8⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
9⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
11⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-20120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20120.exe
12⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
13⤵
PID:10736

C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
14⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 216
14⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
13⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
12⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
11⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
10⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
9⤵
- Program crash
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
8⤵
- Program crash
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
7⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
8⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
9⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
10⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
11⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-53311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53311.exe
12⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
13⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37338.exe
14⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10960 -s 216
14⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 216
13⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
12⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
11⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 216
10⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
9⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
8⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe
10⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
11⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
12⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
13⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 216
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
12⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
11⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
10⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 216
9⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
8⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
7⤵
- Program crash
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
6⤵
- Program crash
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
8⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
9⤵
PID:236

C:\Users\Admin\AppData\Local\Temp\Unicorn-47756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47756.exe
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-65133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65133.exe
11⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 200
12⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
11⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 216
10⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
9⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
8⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
7⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
8⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
9⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
10⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
11⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
12⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
13⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
13⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
12⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
11⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
10⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-29608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29608.exe
11⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
12⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
12⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
11⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
10⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
9⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
8⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
7⤵
- Program crash
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
8⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
11⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
12⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
13⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
13⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
12⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
11⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
10⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
9⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
10⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
11⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
11⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
10⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
8⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
7⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-17963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17963.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
10⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
11⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 220
12⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
11⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
10⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
9⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
8⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
7⤵
- Program crash
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
6⤵
- Program crash
PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-2917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2917.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
8⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-6633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6633.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
10⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
11⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
12⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
13⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
13⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
12⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 236
11⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
9⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
8⤵
- Program crash
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
7⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
8⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
10⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
11⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe
12⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
13⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
13⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
12⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
11⤵
PID:2364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30877.exe
9⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-55640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55640.exe
10⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
11⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
12⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
12⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
10⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
9⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
8⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
7⤵
- Program crash
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
7⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
8⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
10⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
11⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
12⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
12⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
11⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
10⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
9⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 216
8⤵
- Program crash
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
7⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
9⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
10⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
11⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-29026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29026.exe
12⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
12⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 236
11⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
10⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
9⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
8⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 220
7⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
6⤵
- Program crash
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
7⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
8⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-17235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17235.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-6943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6943.exe
10⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
11⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
12⤵
PID:10664

C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
13⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10664 -s 216
13⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 236
12⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
11⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
10⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
9⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
10⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe
11⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
12⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10752 -s 216
12⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 236
11⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 236
10⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
9⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
8⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
7⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
10⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
11⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-56585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56585.exe
12⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
11⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
10⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
8⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 220
7⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
6⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
7⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-52846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52846.exe
10⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
11⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
12⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
11⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
10⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
9⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
8⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-53043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53043.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe
8⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
9⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
10⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
11⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 236
11⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
10⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
9⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
8⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
7⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
6⤵
- Program crash
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
5⤵
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-56909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56909.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56491.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
8⤵
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
9⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
10⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
11⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
12⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
13⤵
PID:10424

C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
14⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10424 -s 216
14⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
13⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
12⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
11⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
10⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
11⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
12⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
13⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 220
13⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
12⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
11⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
10⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
8⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
11⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
12⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
13⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 216
13⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 236
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
11⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
9⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
8⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
7⤵
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
8⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
10⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
11⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
12⤵
PID:11604

C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
13⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
12⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
11⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
10⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
9⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 216
8⤵
- Program crash
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
7⤵
- Program crash
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
7⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
10⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-1733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1733.exe
11⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
12⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 220
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
11⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
10⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
7⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
10⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
11⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
12⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 236
12⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 236
11⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 216
8⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
7⤵
- Program crash
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
6⤵
- Program crash
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
7⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
8⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
9⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-35538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35538.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
11⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
12⤵
PID:11688

C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
13⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 236
11⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
9⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-17838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17838.exe
7⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-58522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58522.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-30907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30907.exe
10⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
11⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
12⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
12⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
11⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
10⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 216
8⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
7⤵
- Program crash
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
6⤵
- Program crash
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
5⤵
- Program crash
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
7⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
8⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
10⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
11⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
12⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
13⤵
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 216
13⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
11⤵
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
8⤵
- Program crash
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
7⤵
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
10⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
11⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 216
12⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
11⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
8⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
7⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
6⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
7⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
8⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
10⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
11⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
12⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
11⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 236
9⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
8⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
7⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
6⤵
- Program crash
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
6⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
7⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
9⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
10⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
11⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-51992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51992.exe
12⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
12⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
11⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
10⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
8⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
8⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
9⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
10⤵
PID:10432

C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
11⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
11⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
10⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
9⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
8⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
6⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
7⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
8⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
9⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
10⤵
PID:10308

C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
11⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 236
10⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
9⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
8⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
7⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 220
6⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
5⤵
- Program crash
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-10185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10185.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-50827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50827.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
9⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
10⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
11⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
12⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
13⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
14⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 216
14⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
13⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
12⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
11⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 216
10⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
11⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
12⤵
PID:9704

C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
13⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 236
13⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
12⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
11⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
10⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
8⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
11⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
12⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
13⤵
PID:11816

C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
14⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
13⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
12⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
11⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
9⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
8⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
8⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
11⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
12⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47538.exe
13⤵
PID:11920

C:\Users\Admin\AppData\Local\Temp\Unicorn-36699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36699.exe
14⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
13⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
12⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
11⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
10⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-42158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42158.exe
10⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
11⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
12⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
11⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
10⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
9⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
8⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
7⤵
- Program crash
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-17631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17631.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-63896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63896.exe
8⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
10⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
11⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23761.exe
12⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
13⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
12⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
11⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
10⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
10⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63947.exe
11⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
12⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
11⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 236
10⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 240
8⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-57736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57736.exe
7⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44501.exe
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
10⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
11⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 236
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
11⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
10⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
9⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
8⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
7⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
6⤵
- Program crash
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-8443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8443.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
8⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
9⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
10⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
11⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
12⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15792.exe
13⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
13⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
12⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
11⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
10⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-49233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49233.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
10⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-52915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52915.exe
11⤵
PID:9360

C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 236
12⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 236
11⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 236
10⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
8⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
7⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-50541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50541.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
10⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
11⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 236
12⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
11⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
10⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
9⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
8⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
7⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
7⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
9⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-17844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17844.exe
10⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
11⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
10⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
9⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
8⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 216
7⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 220
6⤵
- Program crash
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
5⤵
- Program crash
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-31300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31300.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-28200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28200.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
10⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
11⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-18702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18702.exe
12⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 220
12⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
11⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
8⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
7⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
9⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
10⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
11⤵
PID:11784

C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
12⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
11⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
10⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 236
9⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 236
8⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
7⤵
- Program crash
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
7⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
8⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
9⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
10⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
11⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
12⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 236
11⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
10⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 236
9⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
8⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
7⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
6⤵
- Program crash
PID:464

C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
6⤵
- Executes dropped EXE
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
7⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
8⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
10⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
11⤵
PID:11844

C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
12⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 236
11⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
10⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
9⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
8⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 216
7⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
6⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
7⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-55565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55565.exe
8⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe
9⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
10⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
11⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 216
11⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
10⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
9⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
8⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
7⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 220
6⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
5⤵
- Program crash
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-53831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53831.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
7⤵
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
10⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
11⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
12⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
11⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 236
10⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
9⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 236
8⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
7⤵
- Program crash
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
6⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
9⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
10⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-32354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32354.exe
11⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
12⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 216
12⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 236
11⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
10⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
8⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
7⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
8⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
9⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
10⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
11⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
11⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
10⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
9⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
8⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
7⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 220
6⤵
- Program crash
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
7⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
8⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
9⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
10⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
11⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 216
11⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
10⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 236
9⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
8⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
7⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
6⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
7⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
8⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
9⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
10⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
11⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
11⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
10⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
9⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
8⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
7⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 220
6⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 220
5⤵
- Program crash
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
4⤵
- Program crash
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
2⤵
- Program crash
PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe

Filesize
184KB

MD5
ccbd4b32eacba866fd5d2ec3b6804cec

SHA1
e804d3684efe0b8e097a0bef79088dae682b29e1

SHA256
e1c93d4be949f7317d5505f065c8df78e3b98af1c1762c55ddbb8e26fdff7626

SHA512
430908f6a5186ebe256aaae912e593d0e57d02f23f9d58cac971cd354c1e98bafe20fa41fbdfe95813cd5813836dec8ce6a2e7d079cdc62219dc7105f41ea578

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe

Filesize
184KB

MD5
1966180020e57863cabe87d3fde6d228

SHA1
73906bc5e686609ad5f4d98447303c27416d33bf

SHA256
274c560673e70ea879d1ced2f661fcbe8d884d5430fdd5d20b5569fbe56bf60d

SHA512
7437a75944c82a631a1909fb540b29de9915713ec229ca1d1ce29b245598fad2cec4c7e72fc5c7753be0c7f7bade165fc1ae8483d45d02771c80d20506bbc325

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe

Filesize
184KB

MD5
ad7f9675e7078fdaacf221d796812a00

SHA1
4a2a73c7d0f75f151f9db1551001a306195fd4de

SHA256
9f1cb889ac7fc073bbaa583e10755d0b5714a426c039dffc0099edcf613f07f9

SHA512
72cc23e0d706b7229a5cb43cfbf0c90db47dd55e402b4c80226bce8bd9d55b9cae461ef5a35ff53937290ecb1034447201c398031a2a0c39cf4bad7deab1003e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe

Filesize
184KB

MD5
c06c4cae682ae1103fcece06d266c501

SHA1
c759380b5be10ae8e7e754c7adf7bc52c044d8f9

SHA256
573722912996e8faf2b8da5c1364ee8d7b546a0cf6cf1081cc27776225ebfc7b

SHA512
39845cd8075c66fd3c8201e5df39c692307028292c9d3ab89f185900b2816732b011ccbfdb97a90a51a5d497d3d6c6e673c6ae73c87db4c7264e91067f848c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe

Filesize
184KB

MD5
e1d649dbe8e9f264ee6d51e4ec47b40a

SHA1
64b5bddd894145dff084da69d6c22efb231eaa97

SHA256
3f9e9b82fa1bfc31d1bb95d17a05fbaba5b745dfc053c9889b4794f6ca03245c

SHA512
05536deb7b2ff8a03c27642048a21298f005198a74050bca201dace3345dd56b3c639cfaf6746f38d110fd17b46f4ce1d8c811907801224067ac15461adbce9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe

Filesize
184KB

MD5
0f1a88b6f380329353bacc6dbe2958f8

SHA1
68d93135a665efa08a54cef2b0a37425916732b9

SHA256
8763224717fb752657dd929d1c39e3ffb71f693eae8d9a322d2fde01a1ba07e5

SHA512
5d77b8c95d2b39da5b14a6a1aecb6a50381a2c8d68edcb05ceb951903e864a3fbbfab785ba193e2090ca7a4921d27031585e4bd29e3a0c3eb497646f2fb99a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe

Filesize
184KB

MD5
61c74d92553a154edab8f4fa2e0eb390

SHA1
893f74a727ab6eaf1d367b319f66d2d02accd487

SHA256
380b2e38e3c813a468f061a21f4ead04798eadad25381c3dadfd71c8a9bdf6cb

SHA512
1d99e1f42c715ac3a7fa217027492cae9dc9f8a46174516712579f8825601100b46af6ddcdfe397699f53408b287915134e0d5ae8fd7d775504df5618cfaf2c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe

Filesize
184KB

MD5
63b8253b85d326fc39216088b9d41d6d

SHA1
570fe522983449594a8fff4ccec5d6c0912d7759

SHA256
c4e3a721ec65a02bcf847bb4b7b42af59dcf279cbfbf9a89c89ecea3f12714f3

SHA512
bf560d651026380aace95aeee044c5df8ab00c87a51a1546e01e6ab3e17936f19220c362d01ed243adcd0a737afd49c9dbaa767ab90f4344f24d7d80f4e9469f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe

Filesize
184KB

MD5
f8340dac45ba2ce81e8b2ebea4f15c62

SHA1
2dcdeb481f74e39704eea5d08eccd776f3039a45

SHA256
65bd45102cab066928afa50ccdc4df4e589e50a965c8b04d7209c772c6f511fc

SHA512
c2d99a574a2e4b8a61fa3303fb4b0c058809e2710ec1b8d0aded615870304d1ba8b4282c6f790cf5f7837bac3241b47aae30761b375becc72aa88d8976b8374f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe

Filesize
184KB

MD5
0919ac8fd54d95db00b48be5d5ae3bd8

SHA1
8d3ff3e1f31089b50736453b8f8eafaa94e59e87

SHA256
30c6de42af0e219a9bf089e7b77e81a9e4c8f4c3f911bf65827ad3ebe8ad8aa9

SHA512
e0dd1181145ecf2bae0c5fcedf1b73d88dcaf5c4021538e8eee282459b355ff3658d8fc90b2686f4f2ebd8ee8eff36016883901568ae0a1de34968ebc7c7f832

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56909.exe

Filesize
184KB

MD5
24be32ebda29fd9fd0eb25dd5389212e

SHA1
458b296e244226a65ae983d4288bb79e6ec60959

SHA256
1e17e619638ef900934c4273efea9b0c56abf01d1904bbd5cff99c299860666f

SHA512
0f4170484478727a3cf369c4a7c741dd1f641eb44bf594101af8ab3d0cbfcaa8cc7b268b671ad336ca087f9f3f288ca590a12a8bac233b9eebf566a6b8bfeea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe

Filesize
184KB

MD5
349292b4bee65a0231d917313940eb94

SHA1
15947d9a62085d549dc0001d6a3a0d30f467d55d

SHA256
74360f4757b7cecfaa46b690159faaf65c633362a3813e72374d974143052daf

SHA512
ad5ca433aabd615c5881f7971ed3b41ca84e56fd9d025bd3a8dd738271e76bdd0be75921ae45283530317e8f5b6f96df3096de66f722b37643751c29749a3ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe

Filesize
184KB

MD5
a092d9ec2ba664d124db1fe706fe5da2

SHA1
8221620fae4da1adf305109293d67373f8dfa36b

SHA256
dd18192ea6c740d85ea42c60d8ef57ebf74efdbfa6bcd0769227f4b2cf65555c

SHA512
58960040e9e18398b9586a3e80ecb95a6e010157c4206577062a23d7fdae1084e64002982df8b6d14108d0dc582e322ef8156c8c9b197de573f7105b15a73a7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe

Filesize
184KB

MD5
a209e82baf30282e6ce441578ade56bb

SHA1
d7a4d29a7d00102fd1472246fd3b1d6692b82138

SHA256
ba72f30376d98cf19e44f512ede0b834340a9a59d9bb857f781f2b0cca4ba9f0

SHA512
108e187b8476a5f4760075f367bbe47e8ce12ae94e7356b8d4677a65cd6bdd983e88d6f40514e52759a318c229aa615f519c03711b38f48b86f930fe4a8c63a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe

Filesize
184KB

MD5
f206fd14ac2a8ea4fe269b2f8f474791

SHA1
185ca4185addeea2bc6ee780078da70105b12fb3

SHA256
7ab7a9844668d0838123a1b5188f10fff444cecad10fbc0de91841c0f2379353

SHA512
dc90adade9868851320042acf5de8944a9a893bd86a0539eefa22b5773a36c8d8d1c372614f9b70f908a50bf90012b3c20a32daa2c1ca7d04cfab4fd0e27e904

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6633.exe

Filesize
184KB

MD5
659f276ecc09145635d8bbd56d683156

SHA1
f0741dcd2220898444adebd3656152257aea9165

SHA256
6fc9665488df5594635687162d31853886ac0b7d8f7d95c5729807a388af851c

SHA512
7bd6bd62778ff161dc63c42ca99788c5cc024f678bf133d5a4f295fcb65c5ab09707122a0c588905ddca2b92c36283d7c47b5c69ccac8585d84f098184eb4d8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10185.exe

Filesize
184KB

MD5
6d2d6e28ba823bdf60b6eaf0e053299d

SHA1
e71cec3f31ea78ef71541a36a20264f3ab88c26d

SHA256
4c7b5b60b0c146118256b70ef914e3f9854e0b39b168de6f40a0ba1f526cd898

SHA512
5c2e756dd631e251484668d9be37f8421e4f4ed362de56773390afd8a0891ba077e295448f9ce4408a89c64631e9e8ba20b20ee8540067faf89db2dd44e23089

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe

Filesize
184KB

MD5
c7fab004610a8ac1ff7a4d568f4edb26

SHA1
aaefa86342cb4e5899a7ffb4a10348c7aa1fca10

SHA256
6052247be4d061cbda48ed077f24e35756749d92acc2b75710a83a85d1f2fc5c

SHA512
3d8e15616b65692ae56f29b20c9941a0a2787820b034e8c577b930a189e5af85f23dd8189653bf169c9080d1204c65b484122da4c08505ec792012a8c3e1d7fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe

Filesize
184KB

MD5
6a7d781de835c87dcec8e53a219bdd85

SHA1
9890c279942bd0a7ee89684d0098f35bd37b24d4

SHA256
32b078345aa46e0c5fabef2fecff5d02fd6188ff72a57e7e525f3fa7639b461a

SHA512
2c2e5eba50c829dbe372884d0d0212ad81ef7af3a69a392c6252b689159d2efc6de0ccacd8749dee7c7e7e4f07b68a87ec736258a9e6436fb17beab8ac00e0f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe

Filesize
184KB

MD5
9b2ba8d9968a828fc0cd913e26a2f05e

SHA1
f85e56697612e32cd66f2f04816d558f2641ecc8

SHA256
2b20405436cdad6de4ccae3f7af674e9d5ffc40b9dab85e0764bfb73703aec4f

SHA512
0b98708b3043badfeee3cc209a1f74e0c01342a0b1f2d228e4a71423d138f7ba1a76673bd663a39529d3870dd672b0d24d20d86b367d70e8f42639c70911b60c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe

Filesize
184KB

MD5
770b7e00848f6d4dcc97a984cf8d0bef

SHA1
b90a1307c419c20ca41d5807b754c7cc32602a62

SHA256
8294339bbde0c3842f2262bc4fe5f31b297777401dd360eaf340795e1e9d7190

SHA512
3415b3bf060f26e3269bb74854bbe8bd65de014aff6c8567ff992aca008c77209f94e56e2edc985bb47564eaa997bd3ac9fa9fe70a5925fdda575891cadbd004

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe

Filesize
184KB

MD5
2f4fcce47458767ebf96fbfcbeb822d1

SHA1
78765a6572d439378b0195f66795d55546454543

SHA256
69a278a67140e0ca6ec113f6155aac99e6800755cbb598eca9d8138a5c4107ab

SHA512
2704dbb889e5e0c319e7078e76f7a3b9e54eb1f70bee64de5854c8f928d485b9fbc8f193fc9b20404cf101431dd4d979637ec7ed29a3c4cf78946a4e51f623a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe

Filesize
184KB

MD5
956e380d3f5312ab5e08f4254eee6531

SHA1
2ca20c1a4246ca38a6b2939941462b1082c38383

SHA256
8c6570286c30c9d89c7b2c7e9e65e78dd7bdea68f62e3f266e3514db4f536c91

SHA512
48eb13b6b13508c851ec7045a6a0e42a206fdb18db5b80ae692fde5592db13a9c9967c4836fcf76df14b8a57c0f302e1cb3de9753901ef683b404ed59d1e3b4e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48202.exe

Filesize
184KB

MD5
7f7a0be4063f6eebd1666e93660ac2f2

SHA1
ca9bbc8af112cf7556c5479842b8a84171d0bfd5

SHA256
d2275d59cde1d0ed9c14f9ee937fdf47d0ef35db7a5676890c285bfa103544ae

SHA512
52b9741d7a367dbd43a1bc1b893a7c5df8946ad1a9219ff80a117c05fdbd8266bef16f25ae6781f8c1f7f7ef4c0df16943bf6f37f21fc3c3ef70bf64308b6802

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56491.exe

Filesize
184KB

MD5
532654077bec33c6f3bcfa22a0a2caa3

SHA1
dbee872e1a85b52c3508b1fcaca41a4b25d5c9de

SHA256
11125cf54dc8d5b0a7961fb9a278625953439d0135acaadf2ef046a69542beb6

SHA512
431aa8fcef981ace64ea6f56c87d1f78cbbf97e8d128b59835790fad9ddc9d146352307a2d74b4ba6e39c9e45d5abb99ca580aee021b844f9799d0ae8da17550

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe

Filesize
184KB

MD5
383b6ba5a9ab18c8df72b860c1455380

SHA1
e85ecac504c0dd8c1dc98ab27781735dcbaa0571

SHA256
9c0c29898bba14000709b8deb7003b2d08d353b0778ce8a2f5f87e9c638536c9

SHA512
8d74f9a799cb1b3efe86e9d6f18b30035b7771a5daa2b07f4d040ee555d341ec524da928c1f4bb06b3e57ce4acafb040e2b4dd8edd0e20fae5b5f4c1165688bf

Download Submit