9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe
Size

184KB
MD5

6c5334dccbdbb040a8cb50e534539d97
SHA1

57ee63430222e9d8c72c32d22061f78f53d9ca0b
SHA256

9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3
SHA512

d8277201d6a612cd49b9b37e8183263cbcc7311f4e2d91f7c58450776d73f69533c747f5f280c1ba0e309f92c295f55b86a3ff82ac25ac3ab845518aaeacd538
SSDEEP

1536:W7pJ6jZ4m3JxoVx1tJOAlawMG2Iyv1clDmd8S7LR2AzetUhl5hj5niApvY:AyJ3Jxob7JOTdGtWqi7LRXsUhlnVimQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-45654.exeUnicorn-5160.exeUnicorn-25026.exeUnicorn-18313.exeUnicorn-28405.exeUnicorn-27005.exeUnicorn-32059.exeUnicorn-45764.exeUnicorn-53849.exeUnicorn-33983.exeUnicorn-64025.exeUnicorn-21101.exeUnicorn-52792.exeUnicorn-41843.exeUnicorn-27322.exeUnicorn-41843.exeUnicorn-63441.exeUnicorn-26602.exeUnicorn-7997.exeUnicorn-34027.exeUnicorn-14161.exeUnicorn-33542.exeUnicorn-13448.exeUnicorn-59120.exeUnicorn-65036.exeUnicorn-24553.exeUnicorn-21093.exeUnicorn-21093.exeUnicorn-61440.exeUnicorn-38799.exeUnicorn-10080.exeUnicorn-46660.exeUnicorn-60837.exeUnicorn-10396.exeUnicorn-12160.exeUnicorn-2752.exeUnicorn-25097.exeUnicorn-13468.exeUnicorn-9021.exeUnicorn-23198.exeUnicorn-8497.exeUnicorn-8497.exeUnicorn-6338.exeUnicorn-21435.exeUnicorn-55477.exeUnicorn-55477.exeUnicorn-17054.exeUnicorn-36920.exeUnicorn-53318.exeUnicorn-33279.exeUnicorn-1784.exeUnicorn-1260.exeUnicorn-29910.exeUnicorn-29683.exeUnicorn-4332.exeUnicorn-4332.exeUnicorn-3517.exeUnicorn-21354.exeUnicorn-19002.exeUnicorn-60653.exeUnicorn-60653.exeUnicorn-59838.exeUnicorn-14166.exeUnicorn-49449.exe

pid	process
2472	Unicorn-45654.exe
2716	Unicorn-5160.exe
2400	Unicorn-25026.exe
2636	Unicorn-18313.exe
2608	Unicorn-28405.exe
2568	Unicorn-27005.exe
892	Unicorn-32059.exe
2580	Unicorn-45764.exe
2772	Unicorn-53849.exe
2756	Unicorn-33983.exe
1032	Unicorn-64025.exe
608	Unicorn-21101.exe
1604	Unicorn-52792.exe
2956	Unicorn-41843.exe
2616	Unicorn-27322.exe
2368	Unicorn-41843.exe
2332	Unicorn-63441.exe
2504	Unicorn-26602.exe
3056	Unicorn-7997.exe
1148	Unicorn-34027.exe
2488	Unicorn-14161.exe
1648	Unicorn-33542.exe
1860	Unicorn-13448.exe
1880	Unicorn-59120.exe
2920	Unicorn-65036.exe
2064	Unicorn-24553.exe
2096	Unicorn-21093.exe
2460	Unicorn-21093.exe
1716	Unicorn-61440.exe
1524	Unicorn-38799.exe
1768	Unicorn-10080.exe
2216	Unicorn-46660.exe
860	Unicorn-60837.exe
2832	Unicorn-10396.exe
2816	Unicorn-12160.exe
2724	Unicorn-2752.exe
2444	Unicorn-25097.exe
2572	Unicorn-13468.exe
2164	Unicorn-9021.exe
1684	Unicorn-23198.exe
2700	Unicorn-8497.exe
2228	Unicorn-8497.exe
1668	Unicorn-6338.exe
1944	Unicorn-21435.exe
1832	Unicorn-55477.exe
316	Unicorn-55477.exe
1076	Unicorn-17054.exe
1764	Unicorn-36920.exe
1972	Unicorn-53318.exe
2388	Unicorn-33279.exe
1776	Unicorn-1784.exe
2012	Unicorn-1260.exe
1656	Unicorn-29910.exe
916	Unicorn-29683.exe
376	Unicorn-4332.exe
1568	Unicorn-4332.exe
2032	Unicorn-3517.exe
2056	Unicorn-21354.exe
1280	Unicorn-19002.exe
1328	Unicorn-60653.exe
3040	Unicorn-60653.exe
2612	Unicorn-59838.exe
2664	Unicorn-14166.exe
2804	Unicorn-49449.exe

Loads dropped DLL 64 IoCs

Processes:

9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exeUnicorn-45654.exeUnicorn-25026.exeUnicorn-5160.exeWerFault.exeUnicorn-28405.exeUnicorn-18313.exeUnicorn-27005.exeWerFault.exeWerFault.exeUnicorn-45764.exeUnicorn-53849.exeUnicorn-33983.exeUnicorn-32059.exeUnicorn-64025.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe
2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe
2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe
2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe
2472	Unicorn-45654.exe
2472	Unicorn-45654.exe
2400	Unicorn-25026.exe
2400	Unicorn-25026.exe
2472	Unicorn-45654.exe
2472	Unicorn-45654.exe
2716	Unicorn-5160.exe
2716	Unicorn-5160.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2608	Unicorn-28405.exe
2608	Unicorn-28405.exe
2636	Unicorn-18313.exe
2400	Unicorn-25026.exe
2568	Unicorn-27005.exe
2400	Unicorn-25026.exe
2636	Unicorn-18313.exe
2568	Unicorn-27005.exe
2716	Unicorn-5160.exe
2716	Unicorn-5160.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
2580	Unicorn-45764.exe
2580	Unicorn-45764.exe
2636	Unicorn-18313.exe
2636	Unicorn-18313.exe
2772	Unicorn-53849.exe
2756	Unicorn-33983.exe
2772	Unicorn-53849.exe
2756	Unicorn-33983.exe
2568	Unicorn-27005.exe
2568	Unicorn-27005.exe
892	Unicorn-32059.exe
1032	Unicorn-64025.exe
892	Unicorn-32059.exe
1032	Unicorn-64025.exe
2608	Unicorn-28405.exe
2608	Unicorn-28405.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1868	WerFault.exe
1256	WerFault.exe
1256	WerFault.exe
1256	WerFault.exe
1256	WerFault.exe
1256	WerFault.exe
2476	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2796	2020	WerFault.exe	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe
2972	2472	WerFault.exe	Unicorn-45654.exe
1968	2400	WerFault.exe	Unicorn-25026.exe
1676	2716	WerFault.exe	Unicorn-5160.exe
1868	2608	WerFault.exe	Unicorn-28405.exe
1256	2636	WerFault.exe	Unicorn-18313.exe
2476	2568	WerFault.exe	Unicorn-27005.exe
1572	2580	WerFault.exe	Unicorn-45764.exe
2888	2756	WerFault.exe	Unicorn-33983.exe
1596	2772	WerFault.exe	Unicorn-53849.exe
3020	892	WerFault.exe	Unicorn-32059.exe
2996	1032	WerFault.exe	Unicorn-64025.exe
2856	608	WerFault.exe	Unicorn-21101.exe
1672	1604	WerFault.exe	Unicorn-52792.exe
2880	2956	WerFault.exe	Unicorn-41843.exe
2732	2332	WerFault.exe	Unicorn-63441.exe
2280	2616	WerFault.exe	Unicorn-27322.exe
2148	3056	WerFault.exe	Unicorn-7997.exe
2116	2368	WerFault.exe	Unicorn-41843.exe
1500	2504	WerFault.exe	Unicorn-26602.exe
2328	1148	WerFault.exe	Unicorn-34027.exe
3052	2488	WerFault.exe	Unicorn-14161.exe
1688	1648	WerFault.exe	Unicorn-33542.exe
1040	1880	WerFault.exe	Unicorn-59120.exe
1612	2920	WerFault.exe	Unicorn-65036.exe
1628	2064	WerFault.exe	Unicorn-24553.exe
1608	1716	WerFault.exe	Unicorn-61440.exe
1788	1768	WerFault.exe	Unicorn-10080.exe
1188	2096	WerFault.exe	Unicorn-21093.exe
1252	2460	WerFault.exe	Unicorn-21093.exe
1724	1524	WerFault.exe	Unicorn-38799.exe
2632	2216	WerFault.exe	Unicorn-46660.exe
2808	2816	WerFault.exe	Unicorn-12160.exe
2456	2724	WerFault.exe	Unicorn-2752.exe
3084	860	WerFault.exe	Unicorn-60837.exe
3104	2164	WerFault.exe	Unicorn-9021.exe
3132	2572	WerFault.exe	Unicorn-13468.exe
3148	1764	WerFault.exe	Unicorn-36920.exe
3164	1944	WerFault.exe	Unicorn-21435.exe
3172	1668	WerFault.exe	Unicorn-6338.exe
3232	1076	WerFault.exe	Unicorn-17054.exe
3240	1684	WerFault.exe	Unicorn-23198.exe
3672	2832	WerFault.exe	Unicorn-10396.exe
3688	2228	WerFault.exe	Unicorn-8497.exe
3696	1972	WerFault.exe	Unicorn-53318.exe
3776	2444	WerFault.exe	Unicorn-25097.exe
3828	2700	WerFault.exe	Unicorn-8497.exe
3908	1832	WerFault.exe	Unicorn-55477.exe
3936	316	WerFault.exe	Unicorn-55477.exe
3752	2612	WerFault.exe	Unicorn-59838.exe
3880	2272	WerFault.exe	Unicorn-1229.exe
3900	2836	WerFault.exe	Unicorn-28343.exe
3944	1568	WerFault.exe	Unicorn-4332.exe
3932	2704	WerFault.exe	Unicorn-51281.exe
3824	1280	WerFault.exe	Unicorn-19002.exe
3140	3040	WerFault.exe	Unicorn-60653.exe
3260	916	WerFault.exe	Unicorn-29683.exe
3376	1636	WerFault.exe	Unicorn-31415.exe
3412	1924	WerFault.exe	Unicorn-51281.exe
4156	1776	WerFault.exe	Unicorn-1784.exe
4180	2012	WerFault.exe	Unicorn-1260.exe
4196	2388	WerFault.exe	Unicorn-33279.exe
4204	2436	WerFault.exe	Unicorn-13786.exe
4228	2320	WerFault.exe	Unicorn-47829.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exeUnicorn-45654.exeUnicorn-25026.exeUnicorn-5160.exeUnicorn-18313.exeUnicorn-28405.exeUnicorn-27005.exeUnicorn-45764.exeUnicorn-53849.exeUnicorn-33983.exeUnicorn-32059.exeUnicorn-64025.exeUnicorn-21101.exeUnicorn-52792.exeUnicorn-41843.exeUnicorn-63441.exeUnicorn-41843.exeUnicorn-27322.exeUnicorn-26602.exeUnicorn-7997.exeUnicorn-34027.exeUnicorn-14161.exeUnicorn-33542.exeUnicorn-13448.exeUnicorn-59120.exeUnicorn-65036.exeUnicorn-24553.exeUnicorn-21093.exeUnicorn-21093.exeUnicorn-61440.exeUnicorn-10080.exeUnicorn-38799.exeUnicorn-46660.exeUnicorn-60837.exeUnicorn-10396.exeUnicorn-12160.exeUnicorn-2752.exeUnicorn-25097.exeUnicorn-13468.exeUnicorn-9021.exeUnicorn-23198.exeUnicorn-8497.exeUnicorn-8497.exeUnicorn-6338.exeUnicorn-21435.exeUnicorn-55477.exeUnicorn-55477.exeUnicorn-36920.exeUnicorn-17054.exeUnicorn-53318.exeUnicorn-33279.exeUnicorn-1784.exeUnicorn-1260.exeUnicorn-29910.exeUnicorn-29683.exeUnicorn-4332.exeUnicorn-4332.exeUnicorn-3517.exeUnicorn-21354.exeUnicorn-19002.exeUnicorn-60653.exeUnicorn-60653.exeUnicorn-14166.exeUnicorn-59838.exe

pid	process
2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe
2472	Unicorn-45654.exe
2400	Unicorn-25026.exe
2716	Unicorn-5160.exe
2636	Unicorn-18313.exe
2608	Unicorn-28405.exe
2568	Unicorn-27005.exe
2580	Unicorn-45764.exe
2772	Unicorn-53849.exe
2756	Unicorn-33983.exe
892	Unicorn-32059.exe
1032	Unicorn-64025.exe
608	Unicorn-21101.exe
1604	Unicorn-52792.exe
2956	Unicorn-41843.exe
2332	Unicorn-63441.exe
2368	Unicorn-41843.exe
2616	Unicorn-27322.exe
2504	Unicorn-26602.exe
3056	Unicorn-7997.exe
1148	Unicorn-34027.exe
2488	Unicorn-14161.exe
1648	Unicorn-33542.exe
1860	Unicorn-13448.exe
1880	Unicorn-59120.exe
2920	Unicorn-65036.exe
2064	Unicorn-24553.exe
2460	Unicorn-21093.exe
2096	Unicorn-21093.exe
1716	Unicorn-61440.exe
1768	Unicorn-10080.exe
1524	Unicorn-38799.exe
2216	Unicorn-46660.exe
860	Unicorn-60837.exe
2832	Unicorn-10396.exe
2816	Unicorn-12160.exe
2724	Unicorn-2752.exe
2444	Unicorn-25097.exe
2572	Unicorn-13468.exe
2164	Unicorn-9021.exe
1684	Unicorn-23198.exe
2700	Unicorn-8497.exe
2228	Unicorn-8497.exe
1668	Unicorn-6338.exe
1944	Unicorn-21435.exe
1832	Unicorn-55477.exe
316	Unicorn-55477.exe
1764	Unicorn-36920.exe
1076	Unicorn-17054.exe
1972	Unicorn-53318.exe
2388	Unicorn-33279.exe
1776	Unicorn-1784.exe
2012	Unicorn-1260.exe
1656	Unicorn-29910.exe
916	Unicorn-29683.exe
1568	Unicorn-4332.exe
376	Unicorn-4332.exe
2032	Unicorn-3517.exe
2056	Unicorn-21354.exe
1280	Unicorn-19002.exe
1328	Unicorn-60653.exe
3040	Unicorn-60653.exe
2664	Unicorn-14166.exe
2612	Unicorn-59838.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exeUnicorn-45654.exeUnicorn-25026.exeUnicorn-5160.exeUnicorn-28405.exeUnicorn-18313.exeUnicorn-27005.exeUnicorn-45764.exe

description	pid	process	target process
PID 2020 wrote to memory of 2472	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	Unicorn-45654.exe
PID 2020 wrote to memory of 2472	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	Unicorn-45654.exe
PID 2020 wrote to memory of 2472	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	Unicorn-45654.exe
PID 2020 wrote to memory of 2472	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	Unicorn-45654.exe
PID 2020 wrote to memory of 2716	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	Unicorn-5160.exe
PID 2020 wrote to memory of 2716	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	Unicorn-5160.exe
PID 2020 wrote to memory of 2716	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	Unicorn-5160.exe
PID 2020 wrote to memory of 2716	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	Unicorn-5160.exe
PID 2472 wrote to memory of 2400	2472	Unicorn-45654.exe	Unicorn-25026.exe
PID 2472 wrote to memory of 2400	2472	Unicorn-45654.exe	Unicorn-25026.exe
PID 2472 wrote to memory of 2400	2472	Unicorn-45654.exe	Unicorn-25026.exe
PID 2472 wrote to memory of 2400	2472	Unicorn-45654.exe	Unicorn-25026.exe
PID 2020 wrote to memory of 2796	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	WerFault.exe
PID 2020 wrote to memory of 2796	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	WerFault.exe
PID 2020 wrote to memory of 2796	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	WerFault.exe
PID 2020 wrote to memory of 2796	2020	9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe	WerFault.exe
PID 2400 wrote to memory of 2636	2400	Unicorn-25026.exe	Unicorn-18313.exe
PID 2400 wrote to memory of 2636	2400	Unicorn-25026.exe	Unicorn-18313.exe
PID 2400 wrote to memory of 2636	2400	Unicorn-25026.exe	Unicorn-18313.exe
PID 2400 wrote to memory of 2636	2400	Unicorn-25026.exe	Unicorn-18313.exe
PID 2472 wrote to memory of 2608	2472	Unicorn-45654.exe	Unicorn-28405.exe
PID 2472 wrote to memory of 2608	2472	Unicorn-45654.exe	Unicorn-28405.exe
PID 2472 wrote to memory of 2608	2472	Unicorn-45654.exe	Unicorn-28405.exe
PID 2472 wrote to memory of 2608	2472	Unicorn-45654.exe	Unicorn-28405.exe
PID 2716 wrote to memory of 2568	2716	Unicorn-5160.exe	Unicorn-27005.exe
PID 2716 wrote to memory of 2568	2716	Unicorn-5160.exe	Unicorn-27005.exe
PID 2716 wrote to memory of 2568	2716	Unicorn-5160.exe	Unicorn-27005.exe
PID 2716 wrote to memory of 2568	2716	Unicorn-5160.exe	Unicorn-27005.exe
PID 2472 wrote to memory of 2972	2472	Unicorn-45654.exe	WerFault.exe
PID 2472 wrote to memory of 2972	2472	Unicorn-45654.exe	WerFault.exe
PID 2472 wrote to memory of 2972	2472	Unicorn-45654.exe	WerFault.exe
PID 2472 wrote to memory of 2972	2472	Unicorn-45654.exe	WerFault.exe
PID 2608 wrote to memory of 892	2608	Unicorn-28405.exe	Unicorn-32059.exe
PID 2608 wrote to memory of 892	2608	Unicorn-28405.exe	Unicorn-32059.exe
PID 2608 wrote to memory of 892	2608	Unicorn-28405.exe	Unicorn-32059.exe
PID 2608 wrote to memory of 892	2608	Unicorn-28405.exe	Unicorn-32059.exe
PID 2636 wrote to memory of 2580	2636	Unicorn-18313.exe	Unicorn-45764.exe
PID 2636 wrote to memory of 2580	2636	Unicorn-18313.exe	Unicorn-45764.exe
PID 2636 wrote to memory of 2580	2636	Unicorn-18313.exe	Unicorn-45764.exe
PID 2636 wrote to memory of 2580	2636	Unicorn-18313.exe	Unicorn-45764.exe
PID 2568 wrote to memory of 2772	2568	Unicorn-27005.exe	Unicorn-53849.exe
PID 2568 wrote to memory of 2772	2568	Unicorn-27005.exe	Unicorn-53849.exe
PID 2568 wrote to memory of 2772	2568	Unicorn-27005.exe	Unicorn-53849.exe
PID 2568 wrote to memory of 2772	2568	Unicorn-27005.exe	Unicorn-53849.exe
PID 2400 wrote to memory of 2756	2400	Unicorn-25026.exe	Unicorn-33983.exe
PID 2400 wrote to memory of 2756	2400	Unicorn-25026.exe	Unicorn-33983.exe
PID 2400 wrote to memory of 2756	2400	Unicorn-25026.exe	Unicorn-33983.exe
PID 2400 wrote to memory of 2756	2400	Unicorn-25026.exe	Unicorn-33983.exe
PID 2716 wrote to memory of 1032	2716	Unicorn-5160.exe	Unicorn-64025.exe
PID 2716 wrote to memory of 1032	2716	Unicorn-5160.exe	Unicorn-64025.exe
PID 2716 wrote to memory of 1032	2716	Unicorn-5160.exe	Unicorn-64025.exe
PID 2716 wrote to memory of 1032	2716	Unicorn-5160.exe	Unicorn-64025.exe
PID 2400 wrote to memory of 1968	2400	Unicorn-25026.exe	WerFault.exe
PID 2400 wrote to memory of 1968	2400	Unicorn-25026.exe	WerFault.exe
PID 2400 wrote to memory of 1968	2400	Unicorn-25026.exe	WerFault.exe
PID 2400 wrote to memory of 1968	2400	Unicorn-25026.exe	WerFault.exe
PID 2716 wrote to memory of 1676	2716	Unicorn-5160.exe	WerFault.exe
PID 2716 wrote to memory of 1676	2716	Unicorn-5160.exe	WerFault.exe
PID 2716 wrote to memory of 1676	2716	Unicorn-5160.exe	WerFault.exe
PID 2716 wrote to memory of 1676	2716	Unicorn-5160.exe	WerFault.exe
PID 2580 wrote to memory of 608	2580	Unicorn-45764.exe	Unicorn-21101.exe
PID 2580 wrote to memory of 608	2580	Unicorn-45764.exe	Unicorn-21101.exe
PID 2580 wrote to memory of 608	2580	Unicorn-45764.exe	Unicorn-21101.exe
PID 2580 wrote to memory of 608	2580	Unicorn-45764.exe	Unicorn-21101.exe

C:\Users\Admin\AppData\Local\Temp\9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe
"C:\Users\Admin\AppData\Local\Temp\9314fa1cd6c757b9ac86046c6203fdc38978d2385e6b6866f410e0fdd7be08f3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-45764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45764.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
10⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
11⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
12⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
13⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
14⤵
PID:9564

C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47300.exe
15⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 216
15⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
14⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
13⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
11⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
10⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
11⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
12⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
13⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
14⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
14⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
13⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
12⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
11⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
10⤵
- Program crash
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
9⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
10⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
11⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
12⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
13⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-44252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44252.exe
14⤵
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
14⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
13⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
12⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
11⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
10⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 220
9⤵
- Program crash
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
8⤵
- Program crash
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
9⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
10⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
11⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
12⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10975.exe
13⤵
PID:9340

C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
14⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
14⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
13⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
12⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
11⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
10⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
9⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
11⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
12⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
13⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
13⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
12⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
11⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
10⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
9⤵
- Program crash
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
8⤵
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-35973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35973.exe
11⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
12⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
13⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
12⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
11⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
10⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
9⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
8⤵
- Program crash
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
7⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
9⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
10⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
11⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
12⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
13⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
14⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 216
14⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 236
13⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
12⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
11⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
10⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
11⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
12⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
13⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 216
13⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
12⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 236
11⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
10⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
8⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-34425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34425.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
11⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28575.exe
12⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
13⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
13⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
12⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
11⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
9⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
8⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
8⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-14463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14463.exe
10⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
11⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
12⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
13⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10840 -s 216
13⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
12⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
11⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
9⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
8⤵
- Program crash
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
7⤵
- Program crash
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
6⤵
- Program crash
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-2752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2752.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-13786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13786.exe
8⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe
9⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
11⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
12⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
13⤵
PID:12052

C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
14⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 216
13⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
12⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
11⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
10⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
9⤵
- Program crash
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
8⤵
- Program crash
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
8⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
10⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
11⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37243.exe
12⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
13⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
13⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
12⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 236
11⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
10⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
10⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
11⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 220
12⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 236
10⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
9⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
8⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
7⤵
- Program crash
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
8⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-7162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7162.exe
11⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 220
12⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
10⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-20878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20878.exe
11⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
12⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
11⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
9⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
8⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
7⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
10⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
11⤵
PID:10660

C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
12⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10660 -s 216
12⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 236
11⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
10⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 216
8⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
7⤵
- Program crash
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
6⤵
- Program crash
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-61440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61440.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
9⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
10⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-41350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41350.exe
11⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
12⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-53982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53982.exe
13⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
14⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10452 -s 216
14⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 236
13⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
12⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
11⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
10⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
9⤵
- Program crash
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
8⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
10⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
11⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
12⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
13⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
13⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
12⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 236
11⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
10⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
9⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
8⤵
- Program crash
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
7⤵
- Executes dropped EXE
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
8⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
10⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
11⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
12⤵
PID:9676

C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 236
13⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
12⤵
PID:1396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
10⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 216
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-5313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5313.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
10⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
11⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
12⤵
PID:720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 236
12⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
11⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
10⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
9⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 220
8⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
7⤵
- Program crash
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
7⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
8⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
10⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
11⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
12⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
13⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
13⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
12⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 236
11⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 216
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-5920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5920.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
9⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
10⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-11650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11650.exe
11⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-1168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1168.exe
12⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 220
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
11⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
10⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 220
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-33540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33540.exe
7⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
8⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-65028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65028.exe
10⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
11⤵
PID:11868

C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
12⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
11⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 236
10⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 216
9⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
8⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 220
7⤵
- Program crash
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
7⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
9⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
10⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
11⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
12⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
11⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
10⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
9⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
8⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 216
7⤵
- Program crash
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
6⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
7⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35206.exe
9⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
10⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-18534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18534.exe
11⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
12⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
12⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
11⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
10⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
8⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
7⤵
- Program crash
PID:3376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
6⤵
- Program crash
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 220
5⤵
- Program crash
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
8⤵
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
9⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
10⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
11⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
12⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
13⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
14⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
14⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
13⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
12⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
11⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-25224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25224.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
11⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
12⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-22093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22093.exe
13⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
13⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
12⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
8⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
11⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
12⤵
PID:9540

C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
13⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 236
13⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
12⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
11⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
10⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
9⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
8⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
8⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
10⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
11⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
12⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\Unicorn-30414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30414.exe
13⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 236
13⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 236
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
11⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
9⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
11⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
12⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
11⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
10⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
8⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
7⤵
- Program crash
PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
6⤵
- Program crash
PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
5⤵
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-7997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7997.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
7⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
8⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50042.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
11⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
12⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
13⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
13⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
12⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
11⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
9⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
8⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
7⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
10⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
11⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
12⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
12⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
11⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
10⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
8⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
7⤵
- Program crash
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-65458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65458.exe
6⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
10⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
11⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
12⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
12⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
11⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
7⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
8⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-39044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39044.exe
9⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
10⤵
PID:9440

C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
11⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 216
11⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
10⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
9⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
8⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
7⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
6⤵
- Program crash
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
6⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
7⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
10⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe
11⤵
PID:11916

C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
12⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
11⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 236
10⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
9⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
8⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
7⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
8⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
9⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
10⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
11⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 220
10⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
9⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
8⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
7⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
6⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
7⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
8⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
9⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
10⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
11⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
11⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
10⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
9⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
8⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
7⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
6⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
5⤵
- Program crash
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
8⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
10⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
11⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
12⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
13⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
13⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
12⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 236
11⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
10⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
9⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
10⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
11⤵
PID:9660

C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 216
12⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
11⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
10⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
9⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
8⤵
- Program crash
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
7⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32196.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
9⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
10⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-22185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22185.exe
11⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-7197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7197.exe
12⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 216
12⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
11⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
10⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
9⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
8⤵
- Program crash
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
7⤵
- Program crash
PID:2808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
6⤵
- Program crash
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-59120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59120.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
8⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
11⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
12⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
13⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 236
13⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
12⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
11⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
10⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
9⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
10⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
11⤵
PID:9604

C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37831.exe
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
12⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 236
11⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
10⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
7⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
9⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
10⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
11⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
12⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 236
12⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
11⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
10⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
9⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
7⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
7⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
10⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
11⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
12⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 216
12⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
11⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
10⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
9⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
8⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
7⤵
- Program crash
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
6⤵
- Program crash
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
5⤵
- Program crash
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-27322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27322.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
7⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
8⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
11⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe
12⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
13⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10580 -s 236
13⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
12⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
11⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
10⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
9⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
8⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
7⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
9⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
10⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
11⤵
PID:11512

C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
12⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
10⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
9⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 216
8⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
7⤵
- Program crash
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
6⤵
- Program crash
PID:1188

C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
6⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
7⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
8⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
9⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
11⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-59730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59730.exe
12⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
11⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
10⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
8⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
7⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
6⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
7⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
8⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
10⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
11⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
9⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
8⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
7⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
6⤵
- Program crash
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
5⤵
- Program crash
PID:2280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-29683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29683.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
8⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-35673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35673.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
11⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-62985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62985.exe
12⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe
13⤵
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
13⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
12⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 236
11⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-28202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28202.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
10⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
11⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
12⤵
PID:12060

C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
13⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
12⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
11⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
8⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
7⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
8⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
11⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
12⤵
PID:12072

C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
13⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 236
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
11⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
10⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
9⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
8⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
7⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
10⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
11⤵
PID:10360

C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
12⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 216
12⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
10⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
9⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
8⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-31353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31353.exe
8⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
9⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56577.exe
10⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
11⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 236
11⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
10⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
9⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
8⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
7⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
6⤵
- Program crash
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-45947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45947.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
10⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
11⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
12⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 216
12⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
10⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
8⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
7⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
6⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
7⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
8⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-31839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31839.exe
9⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
10⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
11⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
11⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
10⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
9⤵
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
8⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 216
7⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
6⤵
- Program crash
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
5⤵
- Program crash
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
7⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
9⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
10⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
11⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56840.exe
12⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
12⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
11⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
9⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
8⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
7⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-34425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34425.exe
8⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-53654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53654.exe
9⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
10⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
11⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
10⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
9⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
8⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
7⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
6⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
7⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-41350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41350.exe
8⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
9⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\UÅicorn-7401.exe
C:\Users\Admin\AppData\Local\Temp\UÅicorn-7401.exe
10⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\UÅicorn-11881.exe
C:\Users\Admin\AppData\Local\Temp\UÅicorn-11881.exe
11⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10344 -s 216
11⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 236
10⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
9⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
8⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
7⤵
PID:340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
6⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
5⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
6⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
7⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
8⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
9⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
10⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
11⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 216
11⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
10⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 236
9⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
8⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
7⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
6⤵
- Program crash
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 220
5⤵
- Program crash
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
4⤵
- Program crash
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
2⤵
- Program crash
PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe

Filesize
184KB

MD5
3e1e752e3257f0eefee1132dc32f9509

SHA1
c1db081f363100432712911a04c5bd3026e44fda

SHA256
9a80c4eaed20d540e3e496c65484bd106a396ef81dd4629f1509cc2da9797e13

SHA512
5f99039bfd2f6bba63171e20d8314a389c0e428d5c67c927b644a0334c00a951e29c8e3e7b3c1996166fe899dfe6d4d86cf40b6ef7b18684c92ecef31bb61447

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe

Filesize
184KB

MD5
034b6e6fac75893bf32c8cc60756f20c

SHA1
6d7644c16e3e988d356fac625b5db06869688138

SHA256
1d5c42b4b0c2b9cff2ba9cd17360a07fa5b0fc674785d01703e5d268df6b5903

SHA512
65c89c3b508267b19e752ecb1d33d127d2dd514902f0989ff1e8120b758f487f39b08ee98ccda3d49c18bed72fbbabdf959f38a18b2d85760a56706e5c421b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe

Filesize
184KB

MD5
230997565d55c35e9eee4c815853a32b

SHA1
2bc137a60ac4acb0ba0eca9b3e287aaccfdd4abf

SHA256
7dfb43818639bcb0aee97d5f9009c1bd0e7fd5520a909b9133bf9fb992a6492e

SHA512
4a66dd56aec36751d9f87f963781a37b6b62f5386c8f2744e3578d131581a2ebac67627c56104045511f38e3f245ae6a6ca7ede1924f35cb93f6470221f1721f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe

Filesize
184KB

MD5
c70c2d4c526ffaa956559a65a5bebaf1

SHA1
aac70ea662a62071cdb3dc89c4fa39c197b3995e

SHA256
a5c19a5ff41cc4ffa6cfc8cc70a93fa464f6ef76d8b8c1cdd8ac699963c7a38c

SHA512
4ffa42d39a6c0cab9d92aa9cc0a374d6ca860ebfdb584003be94fadfd62bf3244cbe1307d526eb642b9d794174cf0e82ecf151fb1e39ea691acd5d65d72fd001

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45764.exe

Filesize
184KB

MD5
e32f2fb06d2e287fe6dae2d5ea79677f

SHA1
0a23fd60a0dd55aec338ef54435b0f98d0c0f72a

SHA256
7c8ca88bd85e3f1f41e4e529f09f44412ee92612894bb6abd34a6848c6ecdb40

SHA512
c0a1f72837a91ed5b90c274bc4ab59ac7c477fbae867c3b77f44867ad87b9a3a11025b2cdc36306fec03368abb6d92b53eec1ee5f4b5e02666670d85d1970b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe

Filesize
184KB

MD5
d6e1b19216cdc87eb067e4496771bfe2

SHA1
782d79f102f8bdce7c53c1208673425bb3b54129

SHA256
bad70888e4cc5d5af04fc73e17f064b1ac703c16326128c3aac19f12ea900707

SHA512
8a692b71fe82594cd977dac10f07cb5bdac5791f7f468665edfc0e304ee7f8056eb7fd56725a2a3e730aecbd268270f0d35acdc26879b14cf1e351137dd3df79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe

Filesize
184KB

MD5
20e2a359fa8894ea75546755631f5695

SHA1
7dbbf6337dd124b77e2c7d0eb40e5ef50f28e412

SHA256
e075e4fc81a9f75814499593bddfe955a9925000b644782385ab36d0ff140a70

SHA512
c7c02510f4dbda1f4d83e0960d40527f350bb1ef186a8e7bd67b4f372db212bc6cc435f030428d40ddecfb85a65f81a3b0324bf7a74437513e67dc61d4212aeb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe

Filesize
184KB

MD5
20ec8132d8e16d26c905aa238bef5826

SHA1
7bdf6915d0645a26a1cf9f54a4145526938cd9d5

SHA256
edc916cfce25b5a0055259ae987dd4ca8daab81322c98e19a9a6858d7861c897

SHA512
6c28b3beb903c12f798adc3fc1efb1c88ecf5a29d2f7aafc45f075fa58fa757181dca3852998db3789a14981f676568b9bd1871048928fad9d16093c818a950f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe

Filesize
184KB

MD5
e8d2989caa0ae21230b5becb5014d9cb

SHA1
40638870ce4ca99dc887d51de3d32a0cf3256d77

SHA256
3573dacdf7960aefc69f8beda4de4130946e96c3e636713cba36f264a55f8b85

SHA512
34a9476de9d249551d48dab90eced12029d9cf13466d4e3f17330b4f774ce0f64e1af05db4c91c3445ceb23e2ee47430842476f1d10b970dc034ca8273f2b51f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe

Filesize
184KB

MD5
7f1689e4d8a1d9e90ec7da4b8cc4fcc2

SHA1
921352c0df67d5027755523fbb36f8b5b055dfde

SHA256
7298092a22143c8d357d5a25adbd0a5efa140b761485d1e25bf7dd93a545d212

SHA512
1917b030b2de3b989ba87c86748a99d240c86308b5f969adfd4988ca54a7d328b5636dd403bf142d672a5ef072ebfcd187ffb1975da67ae3d6ed4b831d4dc64d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe

Filesize
184KB

MD5
b90658379fd4ad908011d23ea3d4720d

SHA1
c1b4126ea46770e6e2e1184472412b72d5f3065b

SHA256
d8ac0622476f73f7fe879d62fc7c3a1c443a22d7abef0b5e73c274556a3c01e2

SHA512
8b85f11ee544a287470456cc4f355adf3fc44e49f2d3dba218740b2afd4200fe237c20b74d16b24671833f71f301994ead7704a68dfc9e38b518c950be4c524d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe

Filesize
184KB

MD5
00b9c8f2fb2aed0ecddb127f20c83921

SHA1
bdd76b1948754cb41768f97bfb0d5ebe94b6e863

SHA256
819f9d5399bad5a6875787d5a2eaca4ab0b8c3780da00d29d3a60a09d1fceaa2

SHA512
7aa86f04f05c5a697d599b771c5b0a33c06aeb0f8c27999f71a680fcf08ee2db4316082fbb9067576cb3000c318f88516277f5f5605c1b966751637070ebbbee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe

Filesize
184KB

MD5
cf1a46cc5ab025eaf33865dc096d8fe4

SHA1
ef3a520526d6cbe5677b3d11ef506ccb001864d0

SHA256
e7380c35c41b97ee71a2d074494c5ed1bf9de5bd7fb27aa1cbb684de4ec96909

SHA512
31fa2aeb4c9ede51ea02a18740cc831bac796e611d1c2db9c3004c1e698344f8df6f9410a179b3227707a176192359036a61f3fa855b97bffdf9f55cbc879d56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe

Filesize
184KB

MD5
73e7040d26a200c4d227e6accd323c9e

SHA1
85093dd206eba262e19cde0728bfa35dbec0c44e

SHA256
6979da0f4878511e5a6e65698cc321f508e64809b005f0f5846a0aa5e69c4660

SHA512
fdcc802af5bf270865ff0f42440cb1e023a666dd73b1b8248acc8855a5f88b31dbe5fe3514b522bfdcc06ab27bc3b7b2e4e06e8051c57fd7b141e1031b547387

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe

Filesize
184KB

MD5
50698c9a7ef50a92218dc65795af7ec3

SHA1
c67eb06cae4f614033711f4fcf6ddd1bc9e260c5

SHA256
9582787df984e7f628939e5c626b7a5f4d0505452e3db9811aac3c5934bdc663

SHA512
b562334399d36cdd2927bb2c008633170cf8a44f4c3bf5ce51fd67b15bef04ef44dfc2f71920e8729a3efc1726b1772fa1adef66ae08308d0dd96416511cb1e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe

Filesize
184KB

MD5
a9a092392be5946d7bdf93ab2a8ac156

SHA1
e1a9d4fd99b204ad707da90f5337d583cab2ac98

SHA256
5bd5079a2ef75fe8d921605480c77f5bf0bbf24e1ee1c499fba79def0eae472b

SHA512
39ba3de8bbbcb7311fabb0b6a0808441fe42f290e475c297b8551820ada16484848d7abeb9a471ece457953c31a55788fa349fea79610869aa79d475c6288cb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe

Filesize
184KB

MD5
160cd710082a11ace039fe594906664a

SHA1
db41cee41c5a50d9a6ed72388225afa901c4eb04

SHA256
434bd536f2e336b92f82ac42e26bd7a59a3c7391f4c0ee0f251cd1489d567d8c

SHA512
2796df821654f3d070bcc797edb96c0093d16d217e71fd7bb38d376c099927dbc8d6f1920c6fa496997dd2486c8af4efca6572bb8ced1ad040dd1a206d7d4261

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe

Filesize
184KB

MD5
b74430402696bc2d221b3aa7f5f116c8

SHA1
27aab39e29589be6f9fe19d655e2076a7b267a55

SHA256
82cb4ed58d2bf76a67ac98fa1f0734777622d7e53f2adc38f61fb80e231f61b2

SHA512
063393b09b6a7648cd36a62e49fc4f7eb79ae2cfd75d1e27635583caaabc64439b3d1374d0ce4b0b21f8358f743f2637c5d1f8a18e3ea4bd3a7c9bd8f49e9071

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe

Filesize
184KB

MD5
1ceee35694d7a8bf479445958b47f9ef

SHA1
d9b2a0ff8fa09ad281c628ad66710b4ae81c9e4b

SHA256
b121dc75ccf2a47959b812a6392f71da60fc1da410c3cf15b7d22891d5344483

SHA512
11b89eb6ca371d955fc7a934b5ab1bd140faa7b727cf6f6169a3c3bff691b69963e8c244ec40e5dd17e17d48ded001182ca7b6a185c88217444c05e3c8c29846

Download Submit