a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe
Size

184KB
MD5

e2c65d48cf1433e05452a63819e52d8f
SHA1

4a434b0ddec97a5a1d5e5858f1191784c206d34e
SHA256

a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad
SHA512

5c0ad69ed83900f6277683ed7b1cc2d658c52fc4ee4fd3d8cd6a8b09c2b330c795937857d50d32b84e5bf9b8eae71f5c1dc926bfda6554f6310e2d6ab6f1f0f2
SSDEEP

3072:aWCPMuolzwEidRjoedaLpKq/IKYYTPBK++NgG507Kl6hlkVOFZnT:aWkoJORjILIq/IBBMthlkVOFZ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-16686.exeUnicorn-34517.exeUnicorn-48092.exeUnicorn-62026.exeUnicorn-59888.exeUnicorn-56058.exeUnicorn-32014.exeUnicorn-27415.exeUnicorn-12724.exeUnicorn-32590.exeUnicorn-65262.exeUnicorn-34604.exeUnicorn-30005.exeUnicorn-48501.exeUnicorn-47987.exeUnicorn-48309.exeUnicorn-2123.exeUnicorn-6482.exeUnicorn-43699.exeUnicorn-63818.exeUnicorn-57850.exeUnicorn-26896.exeUnicorn-26896.exeUnicorn-22297.exeUnicorn-61514.exeUnicorn-59376.exeUnicorn-55546.exeUnicorn-14768.exeUnicorn-15022.exeUnicorn-35656.exeUnicorn-15790.exeUnicorn-48785.exeUnicorn-33352.exeUnicorn-11348.exeUnicorn-46481.exeUnicorn-26615.exeUnicorn-14192.exeUnicorn-44981.exeUnicorn-47249.exeUnicorn-48759.exeUnicorn-48245.exeUnicorn-2573.exeUnicorn-5957.exeUnicorn-19532.exeUnicorn-19855.exeUnicorn-63030.exeUnicorn-17359.exeUnicorn-50799.exeUnicorn-35340.exeUnicorn-30741.exeUnicorn-3051.exeUnicorn-63798.exeUnicorn-21967.exeUnicorn-7659.exeUnicorn-21173.exeUnicorn-20658.exeUnicorn-40524.exeUnicorn-31483.exeUnicorn-51157.exeUnicorn-64540.exeUnicorn-18869.exeUnicorn-18354.exeUnicorn-27969.exeUnicorn-40775.exe

pid	process
2516	Unicorn-16686.exe
2856	Unicorn-34517.exe
2796	Unicorn-48092.exe
2440	Unicorn-62026.exe
2680	Unicorn-59888.exe
2456	Unicorn-56058.exe
1896	Unicorn-32014.exe
1632	Unicorn-27415.exe
2320	Unicorn-12724.exe
2000	Unicorn-32590.exe
2204	Unicorn-65262.exe
1756	Unicorn-34604.exe
2784	Unicorn-30005.exe
1872	Unicorn-48501.exe
2136	Unicorn-47987.exe
596	Unicorn-48309.exe
668	Unicorn-2123.exe
400	Unicorn-6482.exe
880	Unicorn-43699.exe
1776	Unicorn-63818.exe
1608	Unicorn-57850.exe
1964	Unicorn-26896.exe
1888	Unicorn-26896.exe
1100	Unicorn-22297.exe
3036	Unicorn-61514.exe
2412	Unicorn-59376.exe
1500	Unicorn-55546.exe
1576	Unicorn-14768.exe
2912	Unicorn-15022.exe
2908	Unicorn-35656.exe
2920	Unicorn-15790.exe
2592	Unicorn-48785.exe
2596	Unicorn-33352.exe
2672	Unicorn-11348.exe
2448	Unicorn-46481.exe
2544	Unicorn-26615.exe
3068	Unicorn-14192.exe
2316	Unicorn-44981.exe
2040	Unicorn-47249.exe
944	Unicorn-48759.exe
2192	Unicorn-48245.exe
852	Unicorn-2573.exe
1624	Unicorn-5957.exe
2276	Unicorn-19532.exe
2388	Unicorn-19855.exe
1800	Unicorn-63030.exe
2308	Unicorn-17359.exe
2044	Unicorn-50799.exe
1876	Unicorn-35340.exe
1880	Unicorn-30741.exe
3040	Unicorn-3051.exe
1560	Unicorn-63798.exe
1516	Unicorn-21967.exe
2620	Unicorn-7659.exe
2868	Unicorn-21173.exe
2540	Unicorn-20658.exe
2648	Unicorn-40524.exe
2576	Unicorn-31483.exe
2188	Unicorn-51157.exe
2112	Unicorn-64540.exe
2904	Unicorn-18869.exe
1848	Unicorn-18354.exe
1200	Unicorn-27969.exe
2060	Unicorn-40775.exe

Loads dropped DLL 64 IoCs

Processes:

a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exeUnicorn-16686.exeUnicorn-48092.exeUnicorn-34517.exeWerFault.exeUnicorn-59888.exeUnicorn-62026.exeUnicorn-56058.exeWerFault.exeWerFault.exeUnicorn-32590.exeUnicorn-65262.exeUnicorn-12724.exeUnicorn-32014.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe
1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe
2516	Unicorn-16686.exe
2516	Unicorn-16686.exe
1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe
1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe
2796	Unicorn-48092.exe
2796	Unicorn-48092.exe
2856	Unicorn-34517.exe
2856	Unicorn-34517.exe
2516	Unicorn-16686.exe
2516	Unicorn-16686.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2680	Unicorn-59888.exe
2680	Unicorn-59888.exe
2856	Unicorn-34517.exe
2856	Unicorn-34517.exe
2796	Unicorn-48092.exe
2796	Unicorn-48092.exe
2440	Unicorn-62026.exe
2440	Unicorn-62026.exe
2456	Unicorn-56058.exe
2456	Unicorn-56058.exe
860	WerFault.exe
860	WerFault.exe
860	WerFault.exe
860	WerFault.exe
2180	WerFault.exe
2180	WerFault.exe
2180	WerFault.exe
2180	WerFault.exe
860	WerFault.exe
2180	WerFault.exe
2000	Unicorn-32590.exe
2440	Unicorn-62026.exe
2000	Unicorn-32590.exe
2440	Unicorn-62026.exe
2204	Unicorn-65262.exe
2204	Unicorn-65262.exe
2456	Unicorn-56058.exe
2456	Unicorn-56058.exe
2320	Unicorn-12724.exe
2320	Unicorn-12724.exe
1896	Unicorn-32014.exe
1896	Unicorn-32014.exe
2680	Unicorn-59888.exe
2680	Unicorn-59888.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
1464	WerFault.exe
448	WerFault.exe
448	WerFault.exe
448	WerFault.exe
448	WerFault.exe
448	WerFault.exe
3032	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2656	1364	WerFault.exe	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe
2504	2516	WerFault.exe	Unicorn-16686.exe
860	2796	WerFault.exe	Unicorn-48092.exe
2180	2856	WerFault.exe	Unicorn-34517.exe
1464	1632	WerFault.exe	Unicorn-27415.exe
448	2680	WerFault.exe	Unicorn-59888.exe
3032	2440	WerFault.exe	Unicorn-62026.exe
2816	2456	WerFault.exe	Unicorn-56058.exe
1792	2320	WerFault.exe	Unicorn-12724.exe
1916	400	WerFault.exe	Unicorn-6482.exe
1592	2000	WerFault.exe	Unicorn-32590.exe
1584	2204	WerFault.exe	Unicorn-65262.exe
2948	1896	WerFault.exe	Unicorn-32014.exe
2492	2784	WerFault.exe	Unicorn-30005.exe
2720	1756	WerFault.exe	Unicorn-34604.exe
784	1872	WerFault.exe	Unicorn-48501.exe
704	596	WerFault.exe	Unicorn-48309.exe
960	2136	WerFault.exe	Unicorn-47987.exe
840	668	WerFault.exe	Unicorn-2123.exe
2228	2316	WerFault.exe	Unicorn-44981.exe
2684	2040	WerFault.exe	Unicorn-47249.exe
2652	852	WerFault.exe	Unicorn-2573.exe
952	2412	WerFault.exe	Unicorn-59376.exe
2200	880	WerFault.exe	Unicorn-43699.exe
2528	1776	WerFault.exe	Unicorn-63818.exe
2864	1608	WerFault.exe	Unicorn-57850.exe
2416	1964	WerFault.exe	Unicorn-26896.exe
3056	1888	WerFault.exe	Unicorn-26896.exe
2232	3036	WerFault.exe	Unicorn-61514.exe
2172	1100	WerFault.exe	Unicorn-22297.exe
2968	1500	WerFault.exe	Unicorn-55546.exe
2164	2192	WerFault.exe	Unicorn-48245.exe
600	1576	WerFault.exe	Unicorn-14768.exe
3000	2912	WerFault.exe	Unicorn-15022.exe
768	2908	WerFault.exe	Unicorn-35656.exe
2484	2920	WerFault.exe	Unicorn-15790.exe
2288	2592	WerFault.exe	Unicorn-48785.exe
2524	2596	WerFault.exe	Unicorn-33352.exe
1752	2544	WerFault.exe	Unicorn-26615.exe
536	2672	WerFault.exe	Unicorn-11348.exe
3180	2448	WerFault.exe	Unicorn-46481.exe
3204	3068	WerFault.exe	Unicorn-14192.exe
3244	944	WerFault.exe	Unicorn-48759.exe
3376	1628	WerFault.exe	Unicorn-9385.exe
3956	272	WerFault.exe	Unicorn-43402.exe
3948	1128	WerFault.exe	Unicorn-48685.exe
3940	3052	WerFault.exe	Unicorn-13360.exe
4012	2112	WerFault.exe	Unicorn-64540.exe
4004	2904	WerFault.exe	Unicorn-18869.exe
3392	1920	WerFault.exe	Unicorn-169.exe
3596	2536	WerFault.exe	Unicorn-61300.exe
3988	1624	WerFault.exe	Unicorn-5957.exe
4040	2276	WerFault.exe	Unicorn-19532.exe
4064	2388	WerFault.exe	Unicorn-19855.exe
3372	1560	WerFault.exe	Unicorn-63798.exe
3364	3040	WerFault.exe	Unicorn-3051.exe
3476	2044	WerFault.exe	Unicorn-50799.exe
3472	1800	WerFault.exe	Unicorn-63030.exe
3604	1880	WerFault.exe	Unicorn-30741.exe
3764	1516	WerFault.exe	Unicorn-21967.exe
3884	1876	WerFault.exe	Unicorn-35340.exe
3572	3084	WerFault.exe	Unicorn-65317.exe
3592	2620	WerFault.exe	Unicorn-7659.exe
3588	2576	WerFault.exe	Unicorn-31483.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exeUnicorn-16686.exeUnicorn-34517.exeUnicorn-48092.exeUnicorn-62026.exeUnicorn-59888.exeUnicorn-56058.exeUnicorn-32014.exeUnicorn-32590.exeUnicorn-12724.exeUnicorn-65262.exeUnicorn-27415.exeUnicorn-34604.exeUnicorn-30005.exeUnicorn-48501.exeUnicorn-47987.exeUnicorn-48309.exeUnicorn-6482.exeUnicorn-2123.exeUnicorn-43699.exeUnicorn-63818.exeUnicorn-57850.exeUnicorn-26896.exeUnicorn-26896.exeUnicorn-22297.exeUnicorn-61514.exeUnicorn-59376.exeUnicorn-55546.exeUnicorn-14768.exeUnicorn-15022.exeUnicorn-35656.exeUnicorn-15790.exeUnicorn-48785.exeUnicorn-33352.exeUnicorn-11348.exeUnicorn-46481.exeUnicorn-26615.exeUnicorn-14192.exeUnicorn-44981.exeUnicorn-47249.exeUnicorn-48759.exeUnicorn-48245.exeUnicorn-2573.exeUnicorn-5957.exeUnicorn-19532.exeUnicorn-19855.exeUnicorn-17359.exeUnicorn-63030.exeUnicorn-50799.exeUnicorn-35340.exeUnicorn-30741.exeUnicorn-3051.exeUnicorn-63798.exeUnicorn-21967.exeUnicorn-7659.exeUnicorn-40524.exeUnicorn-20658.exeUnicorn-31483.exeUnicorn-21173.exeUnicorn-51157.exeUnicorn-64540.exeUnicorn-18354.exeUnicorn-18869.exeUnicorn-27969.exe

pid	process
1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe
2516	Unicorn-16686.exe
2856	Unicorn-34517.exe
2796	Unicorn-48092.exe
2440	Unicorn-62026.exe
2680	Unicorn-59888.exe
2456	Unicorn-56058.exe
1896	Unicorn-32014.exe
2000	Unicorn-32590.exe
2320	Unicorn-12724.exe
2204	Unicorn-65262.exe
1632	Unicorn-27415.exe
1756	Unicorn-34604.exe
2784	Unicorn-30005.exe
1872	Unicorn-48501.exe
2136	Unicorn-47987.exe
596	Unicorn-48309.exe
400	Unicorn-6482.exe
668	Unicorn-2123.exe
880	Unicorn-43699.exe
1776	Unicorn-63818.exe
1608	Unicorn-57850.exe
1888	Unicorn-26896.exe
1964	Unicorn-26896.exe
1100	Unicorn-22297.exe
3036	Unicorn-61514.exe
2412	Unicorn-59376.exe
1500	Unicorn-55546.exe
1576	Unicorn-14768.exe
2912	Unicorn-15022.exe
2908	Unicorn-35656.exe
2920	Unicorn-15790.exe
2592	Unicorn-48785.exe
2596	Unicorn-33352.exe
2672	Unicorn-11348.exe
2448	Unicorn-46481.exe
2544	Unicorn-26615.exe
3068	Unicorn-14192.exe
2316	Unicorn-44981.exe
2040	Unicorn-47249.exe
944	Unicorn-48759.exe
2192	Unicorn-48245.exe
852	Unicorn-2573.exe
1624	Unicorn-5957.exe
2276	Unicorn-19532.exe
2388	Unicorn-19855.exe
2308	Unicorn-17359.exe
1800	Unicorn-63030.exe
2044	Unicorn-50799.exe
1876	Unicorn-35340.exe
1880	Unicorn-30741.exe
3040	Unicorn-3051.exe
1560	Unicorn-63798.exe
1516	Unicorn-21967.exe
2620	Unicorn-7659.exe
2648	Unicorn-40524.exe
2540	Unicorn-20658.exe
2576	Unicorn-31483.exe
2868	Unicorn-21173.exe
2188	Unicorn-51157.exe
2112	Unicorn-64540.exe
1848	Unicorn-18354.exe
2904	Unicorn-18869.exe
1200	Unicorn-27969.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exeUnicorn-16686.exeUnicorn-48092.exeUnicorn-34517.exeUnicorn-59888.exeUnicorn-62026.exeUnicorn-56058.exeUnicorn-32590.exe

description	pid	process	target process
PID 1364 wrote to memory of 2516	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	Unicorn-16686.exe
PID 1364 wrote to memory of 2516	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	Unicorn-16686.exe
PID 1364 wrote to memory of 2516	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	Unicorn-16686.exe
PID 1364 wrote to memory of 2516	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	Unicorn-16686.exe
PID 2516 wrote to memory of 2856	2516	Unicorn-16686.exe	Unicorn-34517.exe
PID 2516 wrote to memory of 2856	2516	Unicorn-16686.exe	Unicorn-34517.exe
PID 2516 wrote to memory of 2856	2516	Unicorn-16686.exe	Unicorn-34517.exe
PID 2516 wrote to memory of 2856	2516	Unicorn-16686.exe	Unicorn-34517.exe
PID 1364 wrote to memory of 2796	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	Unicorn-48092.exe
PID 1364 wrote to memory of 2796	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	Unicorn-48092.exe
PID 1364 wrote to memory of 2796	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	Unicorn-48092.exe
PID 1364 wrote to memory of 2796	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	Unicorn-48092.exe
PID 1364 wrote to memory of 2656	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	WerFault.exe
PID 1364 wrote to memory of 2656	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	WerFault.exe
PID 1364 wrote to memory of 2656	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	WerFault.exe
PID 1364 wrote to memory of 2656	1364	a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe	WerFault.exe
PID 2796 wrote to memory of 2440	2796	Unicorn-48092.exe	Unicorn-62026.exe
PID 2796 wrote to memory of 2440	2796	Unicorn-48092.exe	Unicorn-62026.exe
PID 2796 wrote to memory of 2440	2796	Unicorn-48092.exe	Unicorn-62026.exe
PID 2796 wrote to memory of 2440	2796	Unicorn-48092.exe	Unicorn-62026.exe
PID 2856 wrote to memory of 2680	2856	Unicorn-34517.exe	Unicorn-59888.exe
PID 2856 wrote to memory of 2680	2856	Unicorn-34517.exe	Unicorn-59888.exe
PID 2856 wrote to memory of 2680	2856	Unicorn-34517.exe	Unicorn-59888.exe
PID 2856 wrote to memory of 2680	2856	Unicorn-34517.exe	Unicorn-59888.exe
PID 2516 wrote to memory of 2456	2516	Unicorn-16686.exe	Unicorn-56058.exe
PID 2516 wrote to memory of 2456	2516	Unicorn-16686.exe	Unicorn-56058.exe
PID 2516 wrote to memory of 2456	2516	Unicorn-16686.exe	Unicorn-56058.exe
PID 2516 wrote to memory of 2456	2516	Unicorn-16686.exe	Unicorn-56058.exe
PID 2516 wrote to memory of 2504	2516	Unicorn-16686.exe	WerFault.exe
PID 2516 wrote to memory of 2504	2516	Unicorn-16686.exe	WerFault.exe
PID 2516 wrote to memory of 2504	2516	Unicorn-16686.exe	WerFault.exe
PID 2516 wrote to memory of 2504	2516	Unicorn-16686.exe	WerFault.exe
PID 2680 wrote to memory of 1896	2680	Unicorn-59888.exe	Unicorn-32014.exe
PID 2680 wrote to memory of 1896	2680	Unicorn-59888.exe	Unicorn-32014.exe
PID 2680 wrote to memory of 1896	2680	Unicorn-59888.exe	Unicorn-32014.exe
PID 2680 wrote to memory of 1896	2680	Unicorn-59888.exe	Unicorn-32014.exe
PID 2856 wrote to memory of 1632	2856	Unicorn-34517.exe	Unicorn-27415.exe
PID 2856 wrote to memory of 1632	2856	Unicorn-34517.exe	Unicorn-27415.exe
PID 2856 wrote to memory of 1632	2856	Unicorn-34517.exe	Unicorn-27415.exe
PID 2856 wrote to memory of 1632	2856	Unicorn-34517.exe	Unicorn-27415.exe
PID 2796 wrote to memory of 2320	2796	Unicorn-48092.exe	Unicorn-12724.exe
PID 2796 wrote to memory of 2320	2796	Unicorn-48092.exe	Unicorn-12724.exe
PID 2796 wrote to memory of 2320	2796	Unicorn-48092.exe	Unicorn-12724.exe
PID 2796 wrote to memory of 2320	2796	Unicorn-48092.exe	Unicorn-12724.exe
PID 2440 wrote to memory of 2000	2440	Unicorn-62026.exe	Unicorn-32590.exe
PID 2440 wrote to memory of 2000	2440	Unicorn-62026.exe	Unicorn-32590.exe
PID 2440 wrote to memory of 2000	2440	Unicorn-62026.exe	Unicorn-32590.exe
PID 2440 wrote to memory of 2000	2440	Unicorn-62026.exe	Unicorn-32590.exe
PID 2456 wrote to memory of 2204	2456	Unicorn-56058.exe	Unicorn-65262.exe
PID 2456 wrote to memory of 2204	2456	Unicorn-56058.exe	Unicorn-65262.exe
PID 2456 wrote to memory of 2204	2456	Unicorn-56058.exe	Unicorn-65262.exe
PID 2456 wrote to memory of 2204	2456	Unicorn-56058.exe	Unicorn-65262.exe
PID 2796 wrote to memory of 860	2796	Unicorn-48092.exe	WerFault.exe
PID 2796 wrote to memory of 860	2796	Unicorn-48092.exe	WerFault.exe
PID 2796 wrote to memory of 860	2796	Unicorn-48092.exe	WerFault.exe
PID 2796 wrote to memory of 860	2796	Unicorn-48092.exe	WerFault.exe
PID 2856 wrote to memory of 2180	2856	Unicorn-34517.exe	WerFault.exe
PID 2856 wrote to memory of 2180	2856	Unicorn-34517.exe	WerFault.exe
PID 2856 wrote to memory of 2180	2856	Unicorn-34517.exe	WerFault.exe
PID 2856 wrote to memory of 2180	2856	Unicorn-34517.exe	WerFault.exe
PID 2000 wrote to memory of 1756	2000	Unicorn-32590.exe	Unicorn-34604.exe
PID 2000 wrote to memory of 1756	2000	Unicorn-32590.exe	Unicorn-34604.exe
PID 2000 wrote to memory of 1756	2000	Unicorn-32590.exe	Unicorn-34604.exe
PID 2000 wrote to memory of 1756	2000	Unicorn-32590.exe	Unicorn-34604.exe

C:\Users\Admin\AppData\Local\Temp\a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe
"C:\Users\Admin\AppData\Local\Temp\a01628ee60d4c6214d6b156983ea7ee967db14b831c88f4698e99da4d69e2aad.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-2123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2123.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
10⤵
PID:1128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 224
11⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 248
10⤵
- Program crash
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
9⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 224
10⤵
- Program crash
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
9⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 248
8⤵
- Program crash
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-51157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51157.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
9⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
10⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-36577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36577.exe
11⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
12⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
13⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe
14⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
15⤵
PID:12676

C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
16⤵
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12676 -s 236
16⤵
PID:13524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 216
15⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
14⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
13⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 236
12⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
11⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe
10⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
11⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
12⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
13⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
14⤵
PID:13212

C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
15⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
14⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
13⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
12⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
11⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
10⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
11⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
12⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-52855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52855.exe
13⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
14⤵
PID:13080

C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
15⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13080 -s 236
15⤵
PID:13816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
13⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
12⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
10⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
9⤵
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 228
8⤵
- Program crash
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
7⤵
- Program crash
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 220
8⤵
- Program crash
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-33226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33226.exe
8⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
10⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
11⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
12⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
13⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
14⤵
PID:11468

C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
15⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11468 -s 216
15⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
14⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
13⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 236
11⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
9⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 220
10⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-58014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58014.exe
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-11671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11671.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-6064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6064.exe
11⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
12⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\Unicorn-7716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7716.exe
13⤵
PID:13248

C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
14⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 216
13⤵
PID:13848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
11⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
10⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
8⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
7⤵
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
6⤵
- Program crash
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 240
6⤵
- Program crash
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 244
5⤵
- Loads dropped DLL
- Program crash
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-42416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42416.exe
9⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
10⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-10437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10437.exe
11⤵
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 244
12⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
11⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
10⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
11⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
12⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
13⤵
PID:10600

C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
14⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11732 -s 220
15⤵
PID:13892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10600 -s 216
14⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
13⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
12⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
11⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
10⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
10⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
11⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
12⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-20333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20333.exe
13⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
14⤵
PID:11356

C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
15⤵
PID:13704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11356 -s 236
15⤵
PID:13924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
14⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
13⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 236
12⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
11⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
10⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
9⤵
- Program crash
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
8⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-40152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40152.exe
10⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 224
11⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
10⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 248
9⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
8⤵
- Program crash
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
8⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
9⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-63364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63364.exe
10⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
11⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
12⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
13⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 224
14⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 236
12⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
11⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
10⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
11⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
12⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
13⤵
PID:11848

C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
14⤵
PID:14132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11848 -s 216
14⤵
PID:14244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 216
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
12⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
11⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 236
10⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
8⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 240
9⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
8⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
7⤵
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
8⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
10⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
11⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 224
12⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 236
11⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
10⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
10⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
11⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
12⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
13⤵
PID:13340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 216
13⤵
PID:13656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
11⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
10⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
9⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 220
10⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
8⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe
7⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-51408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51408.exe
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
10⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
11⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
12⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
13⤵
PID:12152

C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
14⤵
PID:13600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12152 -s 236
14⤵
PID:13876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 216
13⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
11⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
10⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
8⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
9⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
10⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
11⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
12⤵
PID:11456

C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
13⤵
PID:13468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11456 -s 236
13⤵
PID:13768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 236
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
11⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
10⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 220
8⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
7⤵
- Program crash
PID:536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 220
6⤵
- Program crash
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-47249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47249.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 244
7⤵
- Program crash
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
11⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\Unicorn-60051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60051.exe
12⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
13⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 236
13⤵
PID:13476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 236
12⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
11⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
10⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
9⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
8⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 248
7⤵
- Program crash
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
6⤵
- Program crash
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
5⤵
- Program crash
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
8⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
10⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
11⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
12⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
13⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
14⤵
PID:12240

C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
15⤵
PID:13532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12240 -s 236
15⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10512 -s 216
14⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 220
13⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
12⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
11⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
10⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
10⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
11⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
12⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-11643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11643.exe
13⤵
PID:11292

C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
14⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11292 -s 236
14⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
13⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
12⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
11⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
10⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
11⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
12⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
13⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
13⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
11⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
10⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
7⤵
PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 244
8⤵
- Program crash
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
7⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
7⤵
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
8⤵
- Program crash
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
7⤵
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 220
8⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
7⤵
- Program crash
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
6⤵
- Program crash
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-44981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44981.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
6⤵
- Program crash
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
5⤵
- Program crash
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
4⤵
- Program crash
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
9⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
10⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
11⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
12⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
13⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 376
14⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
13⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
12⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
11⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
10⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 220
11⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
10⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
11⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
12⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
13⤵
PID:11180

C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
14⤵
PID:12740

C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27408.exe
15⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12740 -s 216
15⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11180 -s 216
14⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
12⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 236
11⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
10⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
8⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51031.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
10⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4932.exe
11⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 188
12⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 236
11⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
11⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
12⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
13⤵
PID:11816

C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
14⤵
PID:13436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11816 -s 236
14⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
13⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
12⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
11⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 240
10⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
10⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
11⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 220
12⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
11⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
9⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
8⤵
- Program crash
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
8⤵
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
9⤵
- Program crash
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
10⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
11⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
12⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\Unicorn-62667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62667.exe
13⤵
PID:11508

C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
14⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11508 -s 236
14⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 236
13⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
12⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
11⤵
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
9⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
8⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
7⤵
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-50799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50799.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
8⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
9⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 220
10⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
11⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-47027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47027.exe
12⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
13⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12116 -s 220
14⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 220
13⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
12⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 236
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 220
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-15130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15130.exe
8⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 240
9⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
8⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
7⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-18167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18167.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
9⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe
11⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 224
12⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
11⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
10⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
8⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
9⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
10⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-23763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23763.exe
11⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
12⤵
PID:11576

C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13504.exe
13⤵
PID:14048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11576 -s 236
13⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
12⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
11⤵
PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 236
10⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
9⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
7⤵
- Program crash
PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
6⤵
- Program crash
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
8⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
9⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
10⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
11⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
12⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
13⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 212
14⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
13⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 236
12⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 236
11⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-59564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59564.exe
10⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
11⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
12⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
13⤵
PID:11892

C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
14⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11892 -s 236
14⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 216
13⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 220
12⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
11⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 236
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
11⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
12⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
13⤵
PID:13252

C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
14⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13252 -s 236
14⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 236
13⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 236
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 236
11⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
10⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
9⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
8⤵
- Program crash
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-57553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57553.exe
7⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
9⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 224
10⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
10⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
11⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
12⤵
PID:12084

C:\Users\Admin\AppData\Local\Temp\Unicorn-62119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62119.exe
13⤵
PID:14116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12084 -s 216
13⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
12⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 236
11⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 236
10⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 236
9⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 220
8⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
7⤵
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
7⤵
PID:272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 244
8⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
7⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
9⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
10⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
11⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
12⤵
PID:12812

C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
13⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12812 -s 236
13⤵
PID:14076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
12⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 236
11⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
10⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
9⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
8⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
7⤵
- Program crash
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
6⤵
- Program crash
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
5⤵
- Program crash
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
9⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
10⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-10861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10861.exe
11⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
12⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
13⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 224
14⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
13⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 236
12⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
11⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
10⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
10⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 224
11⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
10⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
8⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
9⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
12⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
13⤵
PID:11856

C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
14⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11856 -s 236
14⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 236
13⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
12⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
11⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
10⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
9⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
8⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
7⤵
- Executes dropped EXE
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
8⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
11⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
12⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 224
13⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
12⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
11⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
10⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 224
10⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 220
8⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
7⤵
- Program crash
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
7⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-18118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18118.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
10⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
11⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 220
12⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
11⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
10⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
9⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
10⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 224
11⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 236
10⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 220
8⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41803.exe
7⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
9⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
10⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
11⤵
PID:9224

C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
12⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12104 -s 224
13⤵
PID:14280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 216
12⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 236
10⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
9⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
7⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
6⤵
- Program crash
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
7⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44404.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
9⤵
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 220
10⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-7871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7871.exe
10⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe
11⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 224
12⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
11⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
10⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 240
9⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
9⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
10⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
11⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
12⤵
PID:12188

C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
12⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
13⤵
PID:14288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11552 -s 216
13⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 220
12⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
11⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
9⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-13163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13163.exe
7⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
10⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
11⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
12⤵
PID:12400

C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
13⤵
PID:13824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12400 -s 236
13⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 236
12⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
10⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
9⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
8⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
7⤵
- Program crash
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
6⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
7⤵
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 240
8⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
7⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
8⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 240
9⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
8⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
7⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
6⤵
- Program crash
PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
5⤵
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-24000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24000.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-25534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25534.exe
10⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
11⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
12⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
13⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
14⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11092 -s 216
14⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
13⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
12⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
11⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
9⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 224
10⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
9⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
11⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 220
12⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
11⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
10⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 220
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
7⤵
PID:280

C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-23696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23696.exe
10⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
11⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
12⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
13⤵
PID:11780

C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
14⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11780 -s 216
14⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 216
13⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
12⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
11⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
10⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
9⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
8⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
9⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
10⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
11⤵
PID:10576

C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
12⤵
PID:13064

C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
13⤵
PID:13844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 216
12⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 236
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
10⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 240
8⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
7⤵
- Program crash
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-16397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16397.exe
7⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-5229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5229.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
9⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 220
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
8⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-43265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43265.exe
9⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
10⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
11⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
12⤵
PID:12964

C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
13⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 216
12⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
11⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
10⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
9⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
8⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
7⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
9⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
10⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
11⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
12⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 236
12⤵
PID:13588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
11⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
10⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
9⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
8⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
7⤵
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
6⤵
- Program crash
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
7⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
10⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
11⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
12⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
13⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
13⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
11⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
10⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
8⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
9⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
10⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
11⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12004 -s 224
13⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 236
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
11⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 236
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
9⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
8⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
7⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
8⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
9⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
10⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
11⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
12⤵
PID:11944

C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
13⤵
PID:13644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11944 -s 216
13⤵
PID:13900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 216
12⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
11⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 236
10⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
9⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
8⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
7⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
6⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
7⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-26131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26131.exe
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
9⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
10⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
11⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
12⤵
PID:12928

C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
13⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12928 -s 236
13⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11156 -s 216
12⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
11⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
10⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
9⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
8⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
7⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
8⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
9⤵
PID:8428

C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
10⤵
PID:10916

C:\Users\Admin\AppData\Local\Temp\Unicorn-20242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20242.exe
11⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
12⤵
PID:14276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
11⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 216
10⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
9⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
8⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
7⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
6⤵
- Program crash
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
5⤵
- Program crash
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
4⤵
- Program crash
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
2⤵
- Program crash
PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe

Filesize
184KB

MD5
b502a54fa955ada8aae4b093602667ce

SHA1
9d1e30a438b4bfcc55d08a36008ef47e2438c622

SHA256
5e5386caa5b7a9152d2b19806c3ee73bb16de2c878d0738f81bdc2332b3ecad3

SHA512
22e1f563f44e593be1c397fed1436dde676ac99edc339b994b6f2adf64e73b93ae204a3b2e71b26bb30ceae1e9bdcac6689a849db4efd6d65220a7311e42518a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe

Filesize
184KB

MD5
b37744805c3030753c36849787fb4a21

SHA1
ade147297e7abe1b85f08137d7f79b2cea99bc29

SHA256
11075115b9a79ea68227fea7cafa5322aaea0175f030b9d076c2d61ac7be8fb3

SHA512
65df8b82104698df22abd4c670fdb676ef66bdbd5aff4bf8f9dddef08a28ad91a42c7b8727a3739764a92f8780e3dc65014d6d308e3d05a0f579545fb4e96efe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe

Filesize
184KB

MD5
c0592f2c99c4a777b898eb6ebac31053

SHA1
48614b8701910e7840339dbc624db7418cdbd19d

SHA256
2238b770d7d835f87fb2fd89b5c5ae02065861746cae8f6e4acab8a9c6eee2f1

SHA512
fd1b04f2bd0a57ea7293e635f848dd61b392584ff48f4765be16fc7eb3f932264e68cf0e2dfee70d2c354570eae18cdcef3e151274b996dc1864537bcc4a9e57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe

Filesize
184KB

MD5
a422cbc40c5c71507434c7c030c892af

SHA1
f3e3619017edf88e2d4b7b763676615b2a03bf19

SHA256
2b787b018f13bef19bd81e336c04cd494d259c6467410dadf981499b32346446

SHA512
7d43a543c0c9352bcef1f1d16cddca83f356bf47a5b6d7844ef0e36366ae6c51d72a6a3991d40fdec600af36a782236f9d8c94e2c9d6eaebca4fa9f833081c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe

Filesize
184KB

MD5
3acbbdf6a4984e54a0adbbe17f6d02a2

SHA1
a170fbbc9d13c81649bf7be7e86ba0548d7d5041

SHA256
85d0bc05e4bac0e0363cccdb3f8d470b87c2121f074316f2ee9e98a4148b3c84

SHA512
30ea51187ff375b103fc209076a134a8a71c088c3a46412210014842de503d2a8ffcdbafc0dec949e64f2e64d4ad974ee70d9c986dbea002d318bb627b25354b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe

Filesize
184KB

MD5
0be5efd7390bd626990a01ad89115549

SHA1
662190424a23ae1a707c0a77b1e26a4e8c3faeb6

SHA256
07d988a07529c573162079162cf1a096db304360f4010edf48df4464fe8a3dd9

SHA512
26b7f6a3b83ada6c818816a5ac8b43f1ff84b677994c66e13e07326d54de3d7b7c33577ee982dfec35a0b37c8deda42e2f0bb0aafecae0ff8f449bb8f7b1ed31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe

Filesize
184KB

MD5
624b23840597da75cd65ad3a770ef066

SHA1
63203d5254b71950263565aec2e10f8dd87227ba

SHA256
8e076feaa74deb9cf12f34df133bf3e2891bf0aab63427bb8006895d387935fd

SHA512
202a77b6a24b8c8f0abb62edc0e7588e818419491371e781c7e6b6a6607c17cb50804a3c26017ffbe2b6bc1e005bec311edc9ea4df7410e1c6aaa4713f7183e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe

Filesize
184KB

MD5
9d2e70cabee94455041cfd8a5236afd4

SHA1
d944a3d087605cbe6c406af4087a9868022e53a4

SHA256
59143602ccb910467b20c7126b7724c478769444dc16c3f0aac3f25c859cf410

SHA512
26b7cfdbf420f2cf1e1dd3ed788de2c46f02fc9069bf1d95b06a4c42e2fe2e5becf1fba694364a419349746e908e614dae97eebe973ec7f3542161fbe06a8657

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe

Filesize
184KB

MD5
2e6e776768e41ff0abaa95e3f1180cec

SHA1
2d696338361c1a4c43e70955a611568628a26a2f

SHA256
df4a1e9738ebf185684560c752355114029bf35e702c9535da9a76e0ed3722fa

SHA512
5014286bdc032ee24a3b4c02b6380cd029d8c56d0ba7c33c51b0b3ae8b624cdc1af8bd20872dfc65d7dbf81d33de3f98ee53c1d27141482292b52b880bb18e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe

Filesize
184KB

MD5
a2f1972d9b2a8f1079d59c3012626ff5

SHA1
3b0d0b336cc87bd6a1c174ac4d2a27c72726d597

SHA256
32d2fc746f80e6e5c8d39f46e303bab409640e2dcb7dd85a8e43115c02d133d5

SHA512
158f54c0131d001ebabf968b60c749c241faee578024d140d9a7715c3d644ee95505c840a0ee7aa62726ae641aa12426a2ea5a9dd57902039a53ee862ad0a02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6064.exe

Filesize
184KB

MD5
be3fe4b0cc83f97021fbfec70d71024b

SHA1
2e7debdc84c2f2e8618aacdb606157c9c6f478ae

SHA256
f6225b87432bc9ffdf6bd8f033ef9cb471d8eb47b64f75a54d54516c7d14d434

SHA512
af6539c65b6db365b4b9433f973956f1b8a16b84a74eb64bc39f515b1abafdde5a7ba0aacde84847d489f283cb8bc9f74a48a442a9fa93283270e9bb15a3d3d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe

Filesize
184KB

MD5
a27708ab9f330924b568657a62896514

SHA1
9b99f0114c66ba1d22d0beb0ad79e0e8c71724cb

SHA256
fdb52a20e21d6532da2b3119089dc0967c4c51b1f693ef6c3754eb0f2d74eecc

SHA512
c075e6bce2f2cc808d090c4a47f88303dbcad648ba73cd324f948bbb540315db1838d026b9c0aa42820ee6bb01c2abb17f7528dbbc28f2535b7e52c6d804091d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65262.exe

Filesize
184KB

MD5
205c5ad30257951a9406c556935d35f3

SHA1
836beebbe0f75e8b2e7386cbd44a2a0f97c3abe4

SHA256
24987a82f5360a72c54da3647cf0af341b844da551a8349208dcfa9bee5d6578

SHA512
6ffe0c27baff9d2968fb5af83b86cf4b96e5a7bfeed1c4d96abc6a32ffeb53b68f3e5eafbafb13e9ea36b15cfa4d074a90691c4b298e1d9cb07e7a7f28eb6417

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe

Filesize
184KB

MD5
62c1dbbb712ff4d104ca4615194961e6

SHA1
c834fab8b6638fee77dff34bb8e023efc4458b1d

SHA256
9112d5aa45fbbe83fe5049082b3ed31f31a230ef4e5d31fba503534a82789c80

SHA512
bbe2084f2e7bcc202aae91974476f77904a993d180e3219ede5b08f3c2128b11bd55167998494e2a68490d201799b47d7c58d569491a2f537243704dd3885a74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe

Filesize
184KB

MD5
cde15d1612459ae0b41e493a41fd9264

SHA1
ec7f9291a9ca133fddb07a9146373cf5203b78e9

SHA256
ea69d3e8d2b4b8ac4f0c115f5d3c30b429580e30f10ba170cb6319da4c91bb5e

SHA512
25bd145b29985b8570d4434da2851b1a4bdb4885071d7a71c7fa2b2e5d3082a4084243296645ca4acfc2b676d253eb07d5031c944d4aa7efe7e6b22fe5807aa9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe

Filesize
184KB

MD5
8de436b49c0c89aaca0e26edf4d2504c

SHA1
bab5651da839e683d427fefb896eb794a388566c

SHA256
3d873226d63932d06a0324b0ce486b9a6b561ebe0f8f3c2140b288cd8abb6bb9

SHA512
0ea4fe40e58b532dbd6e199ca0a934310126b86ef28f98b964391092cfd0c5badb39aee90f07cdac9c50e1d80d33c7d8686248c34fb4d88acd1484442f6f2353

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe

Filesize
184KB

MD5
54d054b3aa103a22193c50545832d147

SHA1
92b01a09f6afaabd39c0968571273b503bcf66d0

SHA256
7460c530121065aa3ebe9f865251e4651fbb79f7959183ae49dd76936f7083a1

SHA512
740b5082387c945fe399b0a76cf525dc6de98d1343a52d120c14cf472968146923582365d2b54a24e7c718780e2b9920692c95147d8aee62a1053659c12e49e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe

Filesize
184KB

MD5
8739bcaf1df8e54d03fc83b794839de9

SHA1
cec7fbdba38e232d81a76f7b8c7656c8ae10a738

SHA256
e43c370295fe74a40f6e725cdcb8cdb4d460c595d9aa364c1a7bafb2b58b5efc

SHA512
b716973784bf6d324ebc9475a77d3dc43ae42db7ef6fc785128b5a3be6013fe1d518e127bcc57def24a12d12e0dfe67eb100a554fbbc32320b309e499908bf03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe

Filesize
184KB

MD5
7e38d1fea9ccbd7e89ffa625584eb86c

SHA1
4a964a35a03d25814bb1a4d0d99b0fa4bf0fb2b3

SHA256
eea2f04aa0379c422dd4e6edb41e40659830dccb36a5b75076877ee71d238e37

SHA512
6342a8bf2496f415836aa643436c15d0da493f7f851a7d26dc47bfa592adc321346096008309ca51f4900b2539e90a78a4420304835869d914b772213a7d9a0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe

Filesize
184KB

MD5
2e6f00a1c49e1daea60861a99e7a61f5

SHA1
47e5afc88074389fc99ecedc750f15c8d2a70635

SHA256
d0bc5a2aa8a2d485998b72f55880a321b16e0e616678de4c097d6681f85c24a0

SHA512
efb3d2e881a89729e84e5ade3d53d840f1e3cafce44178685d23a226d8712028b2a301ff62b102ca54ed30a6ffa97829a381f9c96d626c359c2f93d87e100c91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34604.exe

Filesize
184KB

MD5
569fa3400dd0cd64597c3fdb25d726e0

SHA1
db2db66af11b5f687fb66392a8ba9c3ece37c74b

SHA256
cffe8976d809273f0d48ad1832d0b6f38c5f3e2998a019ff3665177b1fa95fee

SHA512
b192e10b018f4c60b08612f34df25ba1f46dffc601346b3824dde0ca048a0453852e3f621d4501b79d030c397d36a11823c4051d49ade13bebca5eca4d7819c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe

Filesize
184KB

MD5
b65ec86fb86cfb302e0f580fb4c8c429

SHA1
665b4c2fb9985e390833c079c8a7602bcc4177a1

SHA256
0a338a7c01d7a21a584c5031784d8260b3161da4c998390a4f7779ca78170f92

SHA512
5f3b9b959ee0fbee7b619132afa6b90611ddc015c2c5fdba84c8f3103bdcd4b63383e06a26b10db4e268b27bc75220e5ace0baed5479d8642ac3666159fffe4e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe

Filesize
184KB

MD5
36201cb7e0e2b7f6343b7f86ac1d157c

SHA1
eff2b817f832693e7e5899de163f29516c260dc6

SHA256
0e32019fb2935f63db0d2b9568d31935805a46fdc4742fcb966194939bc196f8

SHA512
295e2869301a7add7bbc35da5a472da662a14dc1320c536e0c7d059ee3413d92b16855c1b89541e28340db976bdfd4a16e116c3d01acd623f5c0296130018378

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe

Filesize
184KB

MD5
ae97ddf3c4481eaf3d5f836ab5b11a16

SHA1
7cda5c24e6d871c7d93517ade50b57b7ec14ab6c

SHA256
7a7a56519e8f692ed04db8495cfd91338cff853fa1c3548da9d1f4ec586756fb

SHA512
b023ab067e630858c9af36a6399cb1a823f30a96d49725a98f20e8d7b286e1bb564dbae83dd5913d8ffb162973b71f57a0551504eef6b3d904f84bcadc998182

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe

Filesize
184KB

MD5
408143a9df90f002cda70f0461994574

SHA1
29668ca2e12a821f866d78ad77a57f2b0a955547

SHA256
bfe62dc34fa3f89a1d1f9f952559192bbb95eb9af8c7ce2b5d6869006662cc2a

SHA512
8f9fd4d64d56fd346323467272bd852328f7a21809ff624f14597b377128304c374405778a4940be7aee59fec8651505f41f24ac0c33670d13a394f8b687eba7

Download Submit
memory/7848-1936-0x0000000001F00000-0x0000000001F10000-memory.dmp

Filesize
64KB

Download
memory/7848-1957-0x00000000026A0000-0x00000000026B0000-memory.dmp

Filesize
64KB

Download
memory/7848-1923-0x00000000003D0000-0x00000000003E0000-memory.dmp

Filesize
64KB

Download
memory/7848-1922-0x00000000003C0000-0x00000000003D0000-memory.dmp

Filesize
64KB

Download
memory/7848-1921-0x00000000003B0000-0x00000000003C0000-memory.dmp

Filesize
64KB

Download
memory/7848-1920-0x00000000003A0000-0x00000000003B0000-memory.dmp

Filesize
64KB

Download
memory/7848-1919-0x0000000000390000-0x00000000003A0000-memory.dmp

Filesize
64KB

Download
memory/7848-1918-0x0000000000380000-0x0000000000390000-memory.dmp

Filesize
64KB

Download
memory/7848-1917-0x0000000000370000-0x0000000000380000-memory.dmp

Filesize
64KB

Download
memory/7848-1916-0x00000000002E0000-0x00000000002F0000-memory.dmp

Filesize
64KB

Download
memory/7848-1915-0x00000000002C0000-0x00000000002D0000-memory.dmp

Filesize
64KB

Download
memory/7848-1914-0x00000000002B0000-0x00000000002C0000-memory.dmp

Filesize
64KB

Download
memory/7848-1913-0x00000000002A0000-0x00000000002B0000-memory.dmp

Filesize
64KB

Download
memory/7848-1912-0x0000000000290000-0x00000000002A0000-memory.dmp

Filesize
64KB

Download
memory/7848-1911-0x0000000000280000-0x0000000000290000-memory.dmp

Filesize
64KB

Download
memory/7848-1910-0x0000000000230000-0x0000000000240000-memory.dmp

Filesize
64KB

Download
memory/7848-1909-0x0000000000220000-0x0000000000230000-memory.dmp

Filesize
64KB

Download
memory/7848-1932-0x0000000001EA0000-0x0000000001EB0000-memory.dmp

Filesize
64KB

Download
memory/7848-1935-0x0000000001EB0000-0x0000000001EC0000-memory.dmp

Filesize
64KB

Download
memory/7848-1926-0x0000000000520000-0x0000000000530000-memory.dmp

Filesize
64KB

Download
memory/7848-1937-0x0000000001F10000-0x0000000001F20000-memory.dmp

Filesize
64KB

Download
memory/7848-1938-0x0000000001F20000-0x0000000001F30000-memory.dmp

Filesize
64KB

Download
memory/7848-1939-0x0000000001F30000-0x0000000001F40000-memory.dmp

Filesize
64KB

Download
memory/7848-1943-0x0000000001F40000-0x0000000001F50000-memory.dmp

Filesize
64KB

Download
memory/7848-1945-0x0000000001F50000-0x0000000001F60000-memory.dmp

Filesize
64KB

Download
memory/7848-1948-0x0000000001F60000-0x0000000001F70000-memory.dmp

Filesize
64KB

Download
memory/7848-1949-0x0000000002650000-0x0000000002660000-memory.dmp

Filesize
64KB

Download
memory/7848-1950-0x0000000002660000-0x0000000002670000-memory.dmp

Filesize
64KB

Download
memory/7848-1954-0x0000000002670000-0x0000000002680000-memory.dmp

Filesize
64KB

Download
memory/7848-1955-0x0000000002680000-0x0000000002690000-memory.dmp

Filesize
64KB

Download
memory/7848-1956-0x0000000002690000-0x00000000026A0000-memory.dmp

Filesize
64KB

Download
memory/7848-1925-0x0000000000510000-0x0000000000520000-memory.dmp

Filesize
64KB

Download
memory/7848-1958-0x00000000026B0000-0x00000000026C0000-memory.dmp

Filesize
64KB

Download
memory/7848-1960-0x00000000026C0000-0x00000000026D0000-memory.dmp

Filesize
64KB

Download
memory/7848-1961-0x00000000026D0000-0x00000000026E0000-memory.dmp

Filesize
64KB

Download
memory/7848-1962-0x00000000026E0000-0x00000000026F0000-memory.dmp

Filesize
64KB

Download
memory/7848-1965-0x00000000026F0000-0x0000000002700000-memory.dmp

Filesize
64KB

Download
memory/7848-1967-0x0000000002700000-0x0000000002710000-memory.dmp

Filesize
64KB

Download
memory/7848-1971-0x0000000002710000-0x0000000002720000-memory.dmp

Filesize
64KB

Download
memory/7848-1972-0x0000000002720000-0x0000000002730000-memory.dmp

Filesize
64KB

Download
memory/7848-1973-0x0000000002730000-0x0000000002740000-memory.dmp

Filesize
64KB

Download
memory/7848-1974-0x0000000002740000-0x0000000002750000-memory.dmp

Filesize
64KB

Download
memory/7848-1975-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/7848-1976-0x0000000002760000-0x0000000002770000-memory.dmp

Filesize
64KB

Download
memory/7848-1977-0x0000000002770000-0x0000000002780000-memory.dmp

Filesize
64KB

Download
memory/7848-1979-0x0000000002790000-0x00000000027A0000-memory.dmp

Filesize
64KB

Download
memory/7848-1978-0x0000000002780000-0x0000000002790000-memory.dmp

Filesize
64KB

Download
memory/7848-1982-0x00000000027A0000-0x00000000027B0000-memory.dmp

Filesize
64KB

Download
memory/7848-1986-0x00000000027B0000-0x00000000027C0000-memory.dmp

Filesize
64KB

Download
memory/7848-1987-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/7848-1988-0x00000000027D0000-0x00000000027E0000-memory.dmp

Filesize
64KB

Download
memory/7848-1989-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/7848-1990-0x00000000027F0000-0x0000000002800000-memory.dmp

Filesize
64KB

Download
memory/7848-1927-0x0000000000530000-0x0000000000540000-memory.dmp

Filesize
64KB

Download
memory/7848-1928-0x0000000000540000-0x0000000000550000-memory.dmp

Filesize
64KB

Download
memory/7848-1924-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/7848-1931-0x0000000001E90000-0x0000000001EA0000-memory.dmp

Filesize
64KB

Download
memory/7848-1930-0x0000000000560000-0x0000000000570000-memory.dmp

Filesize
64KB

Download
memory/7848-1929-0x0000000000550000-0x0000000000560000-memory.dmp

Filesize
64KB

Download
memory/10412-2278-0x00000000005C0000-0x00000000005D0000-memory.dmp

Filesize
64KB

Download
memory/10412-2280-0x00000000005E0000-0x00000000005F0000-memory.dmp

Filesize
64KB

Download
memory/10412-2281-0x00000000005F0000-0x0000000000600000-memory.dmp

Filesize
64KB

Download
memory/10412-2282-0x0000000000600000-0x0000000000610000-memory.dmp

Filesize
64KB

Download
memory/10412-2279-0x00000000005D0000-0x00000000005E0000-memory.dmp

Filesize
64KB

Download