a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe
Size

184KB
MD5

568b84e028e8fd3dd7024d35dc059307
SHA1

3ff67479d616b6d3faf17abf4c30ed37c5e2b1a3
SHA256

a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8
SHA512

5daa6829c610669585bd36b51a2ba12655e94e517c5c585d48f54b75ea58bb577d42bbcd82c11ff37f203e0210a8db6f6bac2b08b02a76d70102d0946c5f5166
SSDEEP

3072:6ZP3x8of7RhDdFaWeWwLRtsChlnViFFn3:6ZKoH5FapLbsChlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-38595.exeUnicorn-43755.exeUnicorn-63621.exeUnicorn-35708.exeUnicorn-17980.exeUnicorn-18879.exeUnicorn-53827.exeUnicorn-31465.exeUnicorn-58430.exeUnicorn-18467.exeUnicorn-64138.exeUnicorn-43013.exeUnicorn-6318.exeUnicorn-59624.exeUnicorn-56972.exeUnicorn-35525.exeUnicorn-8.exeUnicorn-35333.exeUnicorn-51176.exeUnicorn-44892.exeUnicorn-40869.exeUnicorn-60735.exeUnicorn-42474.exeUnicorn-16578.exeUnicorn-52287.exeUnicorn-55001.exeUnicorn-55001.exeUnicorn-47907.exeUnicorn-17695.exeUnicorn-63366.exeUnicorn-17695.exeUnicorn-15042.exeUnicorn-59524.exeUnicorn-43873.exeUnicorn-9124.exeUnicorn-44833.exeUnicorn-9700.exeUnicorn-11968.exeUnicorn-55144.exeUnicorn-9472.exeUnicorn-42337.exeUnicorn-33161.exeUnicorn-64158.exeUnicorn-4329.exeUnicorn-31294.exeUnicorn-31870.exeUnicorn-12004.exeUnicorn-64926.exeUnicorn-24963.exeUnicorn-37961.exeUnicorn-57827.exeUnicorn-42176.exeUnicorn-37769.exeUnicorn-41995.exeUnicorn-7438.exeUnicorn-60744.exeUnicorn-61740.exeUnicorn-16837.exeUnicorn-9462.exeUnicorn-13032.exeUnicorn-56930.exeUnicorn-6660.exeUnicorn-46494.exeUnicorn-24450.exe

pid	process
1668	Unicorn-38595.exe
2920	Unicorn-43755.exe
2112	Unicorn-63621.exe
2732	Unicorn-35708.exe
2768	Unicorn-17980.exe
2072	Unicorn-18879.exe
2564	Unicorn-53827.exe
2164	Unicorn-31465.exe
1908	Unicorn-58430.exe
1980	Unicorn-18467.exe
1444	Unicorn-64138.exe
2588	Unicorn-43013.exe
1028	Unicorn-6318.exe
2808	Unicorn-59624.exe
2292	Unicorn-56972.exe
2256	Unicorn-35525.exe
536	Unicorn-8.exe
688	Unicorn-35333.exe
640	Unicorn-51176.exe
2864	Unicorn-44892.exe
976	Unicorn-40869.exe
1528	Unicorn-60735.exe
1856	Unicorn-42474.exe
2008	Unicorn-16578.exe
896	Unicorn-52287.exe
2440	Unicorn-55001.exe
1288	Unicorn-55001.exe
1516	Unicorn-47907.exe
888	Unicorn-17695.exe
2504	Unicorn-63366.exe
2428	Unicorn-17695.exe
2224	Unicorn-15042.exe
2844	Unicorn-59524.exe
2612	Unicorn-43873.exe
2748	Unicorn-9124.exe
3044	Unicorn-44833.exe
1808	Unicorn-9700.exe
2760	Unicorn-11968.exe
2576	Unicorn-55144.exe
2740	Unicorn-9472.exe
2416	Unicorn-42337.exe
2080	Unicorn-33161.exe
1912	Unicorn-64158.exe
1116	Unicorn-4329.exe
2000	Unicorn-31294.exe
2176	Unicorn-31870.exe
1904	Unicorn-12004.exe
1032	Unicorn-64926.exe
2820	Unicorn-24963.exe
2800	Unicorn-37961.exe
2148	Unicorn-57827.exe
2392	Unicorn-42176.exe
2280	Unicorn-37769.exe
3024	Unicorn-41995.exe
2124	Unicorn-7438.exe
3056	Unicorn-60744.exe
2980	Unicorn-61740.exe
1556	Unicorn-16837.exe
2996	Unicorn-9462.exe
2660	Unicorn-13032.exe
2764	Unicorn-56930.exe
2756	Unicorn-6660.exe
2544	Unicorn-46494.exe
2536	Unicorn-24450.exe

Loads dropped DLL 64 IoCs

Processes:

a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exeUnicorn-38595.exeUnicorn-63621.exeUnicorn-43755.exeWerFault.exeUnicorn-35708.exeUnicorn-17980.exeUnicorn-18879.exeWerFault.exeWerFault.exeUnicorn-53827.exeUnicorn-58430.exeUnicorn-18467.exeUnicorn-31465.exeUnicorn-64138.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe
2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe
1668	Unicorn-38595.exe
2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe
1668	Unicorn-38595.exe
2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe
2112	Unicorn-63621.exe
2112	Unicorn-63621.exe
1668	Unicorn-38595.exe
1668	Unicorn-38595.exe
2920	Unicorn-43755.exe
2920	Unicorn-43755.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2732	Unicorn-35708.exe
2732	Unicorn-35708.exe
2112	Unicorn-63621.exe
2112	Unicorn-63621.exe
2768	Unicorn-17980.exe
2768	Unicorn-17980.exe
2920	Unicorn-43755.exe
2072	Unicorn-18879.exe
2920	Unicorn-43755.exe
2072	Unicorn-18879.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2196	WerFault.exe
2564	Unicorn-53827.exe
2564	Unicorn-53827.exe
2732	Unicorn-35708.exe
2732	Unicorn-35708.exe
1908	Unicorn-58430.exe
1908	Unicorn-58430.exe
2768	Unicorn-17980.exe
2768	Unicorn-17980.exe
1980	Unicorn-18467.exe
1980	Unicorn-18467.exe
2072	Unicorn-18879.exe
2072	Unicorn-18879.exe
2164	Unicorn-31465.exe
2164	Unicorn-31465.exe
1444	Unicorn-64138.exe
1444	Unicorn-64138.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
832	WerFault.exe
2488	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
856	2068	WerFault.exe	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe
2632	1668	WerFault.exe	Unicorn-38595.exe
2196	2112	WerFault.exe	Unicorn-63621.exe
2200	2920	WerFault.exe	Unicorn-43755.exe
2312	2732	WerFault.exe	Unicorn-35708.exe
832	2768	WerFault.exe	Unicorn-17980.exe
2488	2072	WerFault.exe	Unicorn-18879.exe
1560	2564	WerFault.exe	Unicorn-53827.exe
1700	1908	WerFault.exe	Unicorn-58430.exe
1992	1980	WerFault.exe	Unicorn-18467.exe
1612	2164	WerFault.exe	Unicorn-31465.exe
760	1444	WerFault.exe	Unicorn-64138.exe
2496	2588	WerFault.exe	Unicorn-43013.exe
1492	1028	WerFault.exe	Unicorn-6318.exe
1764	2808	WerFault.exe	Unicorn-59624.exe
1540	2292	WerFault.exe	Unicorn-56972.exe
1392	640	WerFault.exe	Unicorn-51176.exe
1340	688	WerFault.exe	Unicorn-35333.exe
2424	536	WerFault.exe	Unicorn-8.exe
836	2256	WerFault.exe	Unicorn-35525.exe
1436	976	WerFault.exe	Unicorn-40869.exe
1608	2864	WerFault.exe	Unicorn-44892.exe
1236	1528	WerFault.exe	Unicorn-60735.exe
1772	896	WerFault.exe	Unicorn-52287.exe
2508	1856	WerFault.exe	Unicorn-42474.exe
2828	2440	WerFault.exe	Unicorn-55001.exe
2288	1288	WerFault.exe	Unicorn-55001.exe
1476	1516	WerFault.exe	Unicorn-47907.exe
2988	2504	WerFault.exe	Unicorn-63366.exe
1580	2428	WerFault.exe	Unicorn-17695.exe
2212	2224	WerFault.exe	Unicorn-15042.exe
2912	888	WerFault.exe	Unicorn-17695.exe
2548	676	WerFault.exe	Unicorn-54.exe
3120	2616	WerFault.exe	Unicorn-54.exe
3420	1588	WerFault.exe	Unicorn-34298.exe
3564	2844	WerFault.exe	Unicorn-59524.exe
3644	2612	WerFault.exe	Unicorn-43873.exe
3732	2748	WerFault.exe	Unicorn-9124.exe
3800	2416	WerFault.exe	Unicorn-42337.exe
3844	2576	WerFault.exe	Unicorn-55144.exe
3864	2760	WerFault.exe	Unicorn-11968.exe
3888	1808	WerFault.exe	Unicorn-9700.exe
3916	3044	WerFault.exe	Unicorn-44833.exe
3960	2148	WerFault.exe	Unicorn-57827.exe
3676	1912	WerFault.exe	Unicorn-64158.exe
3716	2740	WerFault.exe	Unicorn-9472.exe
3792	1116	WerFault.exe	Unicorn-4329.exe
3896	2392	WerFault.exe	Unicorn-42176.exe
4000	1032	WerFault.exe	Unicorn-64926.exe
4084	3024	WerFault.exe	Unicorn-41995.exe
484	2820	WerFault.exe	Unicorn-24963.exe
3108	2080	WerFault.exe	Unicorn-33161.exe
3168	2756	WerFault.exe	Unicorn-6660.exe
3172	1904	WerFault.exe	Unicorn-12004.exe
3240	2280	WerFault.exe	Unicorn-37769.exe
3316	1244	WerFault.exe	Unicorn-65015.exe
3288	1184	WerFault.exe	Unicorn-49748.exe
3440	352	WerFault.exe	Unicorn-62939.exe
3484	2252	WerFault.exe	Unicorn-246.exe
3584	2436	WerFault.exe	Unicorn-38897.exe
3636	2832	WerFault.exe	Unicorn-17277.exe
3612	560	WerFault.exe	Unicorn-20916.exe
3624	2976	WerFault.exe	Unicorn-36375.exe
3188	3040	WerFault.exe	Unicorn-38897.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exeUnicorn-38595.exeUnicorn-63621.exeUnicorn-43755.exeUnicorn-35708.exeUnicorn-17980.exeUnicorn-18879.exeUnicorn-53827.exeUnicorn-31465.exeUnicorn-58430.exeUnicorn-64138.exeUnicorn-18467.exeUnicorn-43013.exeUnicorn-6318.exeUnicorn-59624.exeUnicorn-56972.exeUnicorn-8.exeUnicorn-35333.exeUnicorn-35525.exeUnicorn-51176.exeUnicorn-44892.exeUnicorn-40869.exeUnicorn-60735.exeUnicorn-42474.exeUnicorn-16578.exeUnicorn-52287.exeUnicorn-55001.exeUnicorn-55001.exeUnicorn-47907.exeUnicorn-17695.exeUnicorn-17695.exeUnicorn-63366.exeUnicorn-15042.exeUnicorn-59524.exeUnicorn-43873.exeUnicorn-9124.exeUnicorn-9700.exeUnicorn-44833.exeUnicorn-11968.exeUnicorn-9472.exeUnicorn-55144.exeUnicorn-42337.exeUnicorn-33161.exeUnicorn-64158.exeUnicorn-4329.exeUnicorn-31294.exeUnicorn-31870.exeUnicorn-12004.exeUnicorn-64926.exeUnicorn-24963.exeUnicorn-42176.exeUnicorn-37961.exeUnicorn-57827.exeUnicorn-37769.exeUnicorn-41995.exeUnicorn-7438.exeUnicorn-60744.exeUnicorn-16837.exeUnicorn-9462.exeUnicorn-13032.exeUnicorn-56930.exeUnicorn-6660.exeUnicorn-46494.exeUnicorn-24450.exe

pid	process
2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe
1668	Unicorn-38595.exe
2112	Unicorn-63621.exe
2920	Unicorn-43755.exe
2732	Unicorn-35708.exe
2768	Unicorn-17980.exe
2072	Unicorn-18879.exe
2564	Unicorn-53827.exe
2164	Unicorn-31465.exe
1908	Unicorn-58430.exe
1444	Unicorn-64138.exe
1980	Unicorn-18467.exe
2588	Unicorn-43013.exe
1028	Unicorn-6318.exe
2808	Unicorn-59624.exe
2292	Unicorn-56972.exe
536	Unicorn-8.exe
688	Unicorn-35333.exe
2256	Unicorn-35525.exe
640	Unicorn-51176.exe
2864	Unicorn-44892.exe
976	Unicorn-40869.exe
1528	Unicorn-60735.exe
1856	Unicorn-42474.exe
2008	Unicorn-16578.exe
896	Unicorn-52287.exe
2440	Unicorn-55001.exe
1288	Unicorn-55001.exe
1516	Unicorn-47907.exe
888	Unicorn-17695.exe
2428	Unicorn-17695.exe
2504	Unicorn-63366.exe
2224	Unicorn-15042.exe
2844	Unicorn-59524.exe
2612	Unicorn-43873.exe
2748	Unicorn-9124.exe
1808	Unicorn-9700.exe
3044	Unicorn-44833.exe
2760	Unicorn-11968.exe
2740	Unicorn-9472.exe
2576	Unicorn-55144.exe
2416	Unicorn-42337.exe
2080	Unicorn-33161.exe
1912	Unicorn-64158.exe
1116	Unicorn-4329.exe
2000	Unicorn-31294.exe
2176	Unicorn-31870.exe
1904	Unicorn-12004.exe
1032	Unicorn-64926.exe
2820	Unicorn-24963.exe
2392	Unicorn-42176.exe
2800	Unicorn-37961.exe
2148	Unicorn-57827.exe
2280	Unicorn-37769.exe
3024	Unicorn-41995.exe
2124	Unicorn-7438.exe
3056	Unicorn-60744.exe
1556	Unicorn-16837.exe
2996	Unicorn-9462.exe
2660	Unicorn-13032.exe
2764	Unicorn-56930.exe
2756	Unicorn-6660.exe
2544	Unicorn-46494.exe
2536	Unicorn-24450.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exeUnicorn-38595.exeUnicorn-63621.exeUnicorn-43755.exeUnicorn-35708.exeUnicorn-17980.exeUnicorn-18879.exeUnicorn-53827.exe

description	pid	process	target process
PID 2068 wrote to memory of 1668	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	Unicorn-38595.exe
PID 2068 wrote to memory of 1668	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	Unicorn-38595.exe
PID 2068 wrote to memory of 1668	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	Unicorn-38595.exe
PID 2068 wrote to memory of 1668	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	Unicorn-38595.exe
PID 1668 wrote to memory of 2112	1668	Unicorn-38595.exe	Unicorn-63621.exe
PID 1668 wrote to memory of 2112	1668	Unicorn-38595.exe	Unicorn-63621.exe
PID 1668 wrote to memory of 2112	1668	Unicorn-38595.exe	Unicorn-63621.exe
PID 1668 wrote to memory of 2112	1668	Unicorn-38595.exe	Unicorn-63621.exe
PID 2068 wrote to memory of 2920	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	Unicorn-43755.exe
PID 2068 wrote to memory of 2920	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	Unicorn-43755.exe
PID 2068 wrote to memory of 2920	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	Unicorn-43755.exe
PID 2068 wrote to memory of 2920	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	Unicorn-43755.exe
PID 2068 wrote to memory of 856	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	WerFault.exe
PID 2068 wrote to memory of 856	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	WerFault.exe
PID 2068 wrote to memory of 856	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	WerFault.exe
PID 2068 wrote to memory of 856	2068	a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe	WerFault.exe
PID 2112 wrote to memory of 2732	2112	Unicorn-63621.exe	Unicorn-35708.exe
PID 2112 wrote to memory of 2732	2112	Unicorn-63621.exe	Unicorn-35708.exe
PID 2112 wrote to memory of 2732	2112	Unicorn-63621.exe	Unicorn-35708.exe
PID 2112 wrote to memory of 2732	2112	Unicorn-63621.exe	Unicorn-35708.exe
PID 1668 wrote to memory of 2768	1668	Unicorn-38595.exe	Unicorn-17980.exe
PID 1668 wrote to memory of 2768	1668	Unicorn-38595.exe	Unicorn-17980.exe
PID 1668 wrote to memory of 2768	1668	Unicorn-38595.exe	Unicorn-17980.exe
PID 1668 wrote to memory of 2768	1668	Unicorn-38595.exe	Unicorn-17980.exe
PID 2920 wrote to memory of 2072	2920	Unicorn-43755.exe	Unicorn-18879.exe
PID 2920 wrote to memory of 2072	2920	Unicorn-43755.exe	Unicorn-18879.exe
PID 2920 wrote to memory of 2072	2920	Unicorn-43755.exe	Unicorn-18879.exe
PID 2920 wrote to memory of 2072	2920	Unicorn-43755.exe	Unicorn-18879.exe
PID 1668 wrote to memory of 2632	1668	Unicorn-38595.exe	WerFault.exe
PID 1668 wrote to memory of 2632	1668	Unicorn-38595.exe	WerFault.exe
PID 1668 wrote to memory of 2632	1668	Unicorn-38595.exe	WerFault.exe
PID 1668 wrote to memory of 2632	1668	Unicorn-38595.exe	WerFault.exe
PID 2732 wrote to memory of 2564	2732	Unicorn-35708.exe	Unicorn-53827.exe
PID 2732 wrote to memory of 2564	2732	Unicorn-35708.exe	Unicorn-53827.exe
PID 2732 wrote to memory of 2564	2732	Unicorn-35708.exe	Unicorn-53827.exe
PID 2732 wrote to memory of 2564	2732	Unicorn-35708.exe	Unicorn-53827.exe
PID 2112 wrote to memory of 2164	2112	Unicorn-63621.exe	Unicorn-31465.exe
PID 2112 wrote to memory of 2164	2112	Unicorn-63621.exe	Unicorn-31465.exe
PID 2112 wrote to memory of 2164	2112	Unicorn-63621.exe	Unicorn-31465.exe
PID 2112 wrote to memory of 2164	2112	Unicorn-63621.exe	Unicorn-31465.exe
PID 2768 wrote to memory of 1908	2768	Unicorn-17980.exe	Unicorn-58430.exe
PID 2768 wrote to memory of 1908	2768	Unicorn-17980.exe	Unicorn-58430.exe
PID 2768 wrote to memory of 1908	2768	Unicorn-17980.exe	Unicorn-58430.exe
PID 2768 wrote to memory of 1908	2768	Unicorn-17980.exe	Unicorn-58430.exe
PID 2920 wrote to memory of 1444	2920	Unicorn-43755.exe	Unicorn-64138.exe
PID 2920 wrote to memory of 1444	2920	Unicorn-43755.exe	Unicorn-64138.exe
PID 2920 wrote to memory of 1444	2920	Unicorn-43755.exe	Unicorn-64138.exe
PID 2920 wrote to memory of 1444	2920	Unicorn-43755.exe	Unicorn-64138.exe
PID 2072 wrote to memory of 1980	2072	Unicorn-18879.exe	Unicorn-18467.exe
PID 2072 wrote to memory of 1980	2072	Unicorn-18879.exe	Unicorn-18467.exe
PID 2072 wrote to memory of 1980	2072	Unicorn-18879.exe	Unicorn-18467.exe
PID 2072 wrote to memory of 1980	2072	Unicorn-18879.exe	Unicorn-18467.exe
PID 2112 wrote to memory of 2196	2112	Unicorn-63621.exe	WerFault.exe
PID 2112 wrote to memory of 2196	2112	Unicorn-63621.exe	WerFault.exe
PID 2112 wrote to memory of 2196	2112	Unicorn-63621.exe	WerFault.exe
PID 2112 wrote to memory of 2196	2112	Unicorn-63621.exe	WerFault.exe
PID 2920 wrote to memory of 2200	2920	Unicorn-43755.exe	WerFault.exe
PID 2920 wrote to memory of 2200	2920	Unicorn-43755.exe	WerFault.exe
PID 2920 wrote to memory of 2200	2920	Unicorn-43755.exe	WerFault.exe
PID 2920 wrote to memory of 2200	2920	Unicorn-43755.exe	WerFault.exe
PID 2564 wrote to memory of 2588	2564	Unicorn-53827.exe	Unicorn-43013.exe
PID 2564 wrote to memory of 2588	2564	Unicorn-53827.exe	Unicorn-43013.exe
PID 2564 wrote to memory of 2588	2564	Unicorn-53827.exe	Unicorn-43013.exe
PID 2564 wrote to memory of 2588	2564	Unicorn-53827.exe	Unicorn-43013.exe

C:\Users\Admin\AppData\Local\Temp\a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe
"C:\Users\Admin\AppData\Local\Temp\a7eeef940f1cdf5b6b0f5ef0b3623672fd87e15de52e66f796a7cdba690f64d8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
10⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-53789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53789.exe
11⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
12⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-836.exe
13⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
14⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
14⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
13⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
12⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
11⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
10⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
11⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 200
12⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
11⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
10⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
9⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-46752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46752.exe
10⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
11⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
12⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
13⤵
PID:11592

C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
14⤵
PID:12100

C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
15⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12100 -s 216
15⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11592 -s 236
14⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
13⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
12⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
11⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
10⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
9⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-61740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61740.exe
8⤵
- Executes dropped EXE
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
9⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
11⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
12⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
13⤵
PID:9244

C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
14⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 236
13⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 236
12⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
11⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
10⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
11⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
12⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
13⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 236
13⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 236
12⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 236
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
10⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
9⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
8⤵
- Program crash
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
9⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
10⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
11⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
12⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
13⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
14⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 236
14⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
13⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
12⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
11⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
10⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
11⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
12⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-848.exe
13⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
14⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 236
14⤵
PID:12600

C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
13⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 240
13⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
11⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-12189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12189.exe
10⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
11⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
12⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
10⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
9⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
8⤵
- Program crash
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
7⤵
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
9⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
10⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
11⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
12⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
13⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
14⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
14⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
13⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
12⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
11⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
10⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-3783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3783.exe
9⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
11⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
12⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
13⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
13⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 220
12⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 220
11⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
10⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
9⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
8⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
9⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
10⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
11⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 220
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
11⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 216
10⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
9⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
8⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
8⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
12⤵
PID:11516

C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
13⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11516 -s 236
13⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
12⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
10⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
9⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-57639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57639.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
10⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
11⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 236
12⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
11⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
10⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
8⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
7⤵
- Program crash
PID:1436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
6⤵
- Program crash
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
8⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
9⤵
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
10⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
11⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
12⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
13⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
14⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
13⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 220
12⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
11⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
10⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
11⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
12⤵
PID:9276

C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
13⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 236
13⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
12⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 236
11⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
10⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
11⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
12⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
13⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
13⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
12⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 236
11⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
9⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
8⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
7⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
8⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
11⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
12⤵
PID:9764

C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
13⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 236
13⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
12⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
11⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
10⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
9⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
10⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
11⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
11⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
10⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
8⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
7⤵
- Program crash
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-9700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9700.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
8⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
10⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
11⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
12⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
11⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 236
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
9⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
10⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
11⤵
PID:11400

C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
12⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11400 -s 216
12⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
11⤵
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 236
10⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
8⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
7⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
9⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
10⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
11⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-27215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27215.exe
12⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
10⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
9⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
8⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
7⤵
- Program crash
PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
6⤵
- Program crash
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
8⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
9⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
11⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
12⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
13⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
13⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 236
12⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
11⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
10⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 216
9⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-27000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27000.exe
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
10⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
11⤵
PID:9252

C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
12⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
11⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
8⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12861.exe
7⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
10⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-33643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33643.exe
11⤵
PID:9320

C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
12⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 236
12⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
11⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
10⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
8⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
7⤵
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
7⤵
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
7⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
8⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
9⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
10⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-51758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51758.exe
11⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
11⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
10⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 220
9⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
8⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
7⤵
- Program crash
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
6⤵
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-64926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64926.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-6608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6608.exe
7⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
8⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
10⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
11⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
12⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 236
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
9⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
7⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-4638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4638.exe
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
9⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
10⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-6699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6699.exe
11⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
10⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
9⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
8⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
7⤵
- Program crash
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
6⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
7⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe
8⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
9⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-40164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40164.exe
10⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
11⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 220
11⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
10⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
9⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
8⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
7⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
6⤵
- Program crash
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
5⤵
- Program crash
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-9462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9462.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-7867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7867.exe
9⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
10⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
11⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14017.exe
12⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
13⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 236
13⤵
PID:700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 236
12⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
11⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
10⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-47296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47296.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
11⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
12⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
13⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 216
13⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 220
12⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
8⤵
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
10⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
11⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
12⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
13⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 236
13⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
12⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
11⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 216
9⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
8⤵
- Program crash
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
8⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-18083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18083.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-11605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11605.exe
11⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
12⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
13⤵
PID:11948

C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
14⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11948 -s 236
14⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 236
13⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
12⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-30076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30076.exe
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
10⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-40879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40879.exe
11⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 236
11⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 236
10⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
9⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
8⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
7⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-65015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65015.exe
7⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
8⤵
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-27280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27280.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
10⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
11⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
12⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
10⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 236
9⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 216
8⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
7⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
9⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-54448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54448.exe
10⤵
PID:11080

C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
11⤵
PID:2120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 236
10⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
9⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 216
8⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 220
7⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
6⤵
- Program crash
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
7⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-33877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33877.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-11553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11553.exe
10⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
11⤵
PID:10732

C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 236
12⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
11⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
9⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
7⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
8⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
9⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
10⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
11⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
11⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
10⤵
PID:2132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
9⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
8⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
7⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
6⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-1972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1972.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
8⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
9⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-52150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52150.exe
10⤵
PID:10164

C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
11⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
11⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
10⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
9⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
8⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
7⤵
- Program crash
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
5⤵
- Program crash
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-52287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52287.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
8⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
10⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
11⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
12⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
13⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 236
13⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
12⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
11⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
10⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
11⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
12⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
11⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
10⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 220
9⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
10⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
11⤵
PID:9268

C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
12⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9268 -s 216
12⤵
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
9⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
8⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-40897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40897.exe
7⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
10⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
11⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
10⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
9⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 236
8⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
7⤵
- Program crash
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
7⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
9⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
10⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 200
11⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
10⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
8⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
7⤵
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 220
8⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
7⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
6⤵
- Program crash
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-55144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55144.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe
8⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe
10⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
11⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
12⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 236
12⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
11⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 220
10⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
8⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-25350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25350.exe
7⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
8⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-24334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24334.exe
9⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
9⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 380
10⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 220
9⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
8⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
7⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
6⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
7⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
8⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
9⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
10⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
11⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
10⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 220
9⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
7⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
6⤵
- Program crash
PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
5⤵
- Program crash
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-246.exe
8⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
9⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
11⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
12⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
13⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
13⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
12⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 236
11⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
9⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-27114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27114.exe
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
10⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
11⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-50154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50154.exe
12⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
11⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
10⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
9⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
8⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
7⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
10⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
11⤵
PID:10896

C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
12⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
11⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 220
10⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
8⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
7⤵
- Program crash
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
7⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
10⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
11⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
12⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11240 -s 236
12⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 220
11⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
9⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
8⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
7⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
9⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
10⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
11⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
11⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
10⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 220
9⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
8⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
7⤵
- Program crash
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
6⤵
- Program crash
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
7⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
8⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-32127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32127.exe
9⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
10⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
11⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
12⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 236
12⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
11⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
10⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
9⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
8⤵
- Program crash
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
7⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
6⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
7⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-13906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13906.exe
8⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
9⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
10⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
11⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 236
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
10⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
9⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
8⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
7⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
6⤵
- Program crash
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
5⤵
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
7⤵
PID:676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 220
8⤵
- Program crash
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
7⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
8⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
9⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
10⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
11⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
11⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
10⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
9⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 216
8⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 220
7⤵
- Program crash
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
6⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
7⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
8⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe
9⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
10⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
11⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
11⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
10⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
9⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
8⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 216
7⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
6⤵
- Program crash
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
6⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-18034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18034.exe
7⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
8⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
9⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
10⤵
PID:10952

C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
11⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 216
11⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
10⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
9⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
8⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
7⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
6⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
7⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
8⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
9⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
10⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 236
10⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
9⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
8⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
7⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 220
6⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 220
5⤵
- Program crash
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
7⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
8⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
10⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
11⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 216
12⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
11⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
10⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 216
9⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
8⤵
- Program crash
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
9⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-26131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26131.exe
10⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
11⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 236
11⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
10⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
9⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
8⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
7⤵
- Program crash
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe
6⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
7⤵
- Program crash
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
6⤵
- Program crash
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-4329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4329.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
6⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
7⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
8⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 220
9⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
7⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
6⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
7⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
8⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
9⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
10⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
10⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
9⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 220
8⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
7⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 240
6⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 240
5⤵
- Program crash
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
6⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-1972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1972.exe
7⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
8⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
9⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
10⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
11⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
11⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
10⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 236
9⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
8⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
7⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
6⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
7⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
8⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
9⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
10⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
10⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
9⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
8⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
7⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
6⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
5⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
6⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
7⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
8⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
9⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
10⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
9⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
8⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
7⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
6⤵
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
5⤵
- Program crash
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
4⤵
- Program crash
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
2⤵
- Program crash
PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe

Filesize
184KB

MD5
58a2a93f6233915e6ce035397bf7c56c

SHA1
1abf0b94b5198f16ea2b24947887270fe8368544

SHA256
576880bbaa62ccb327acc16e5b274193aee2af0cf10660af360b678644b99fcd

SHA512
93e2407093b08400ff31a376618763b3fe9ab8612a045a1cfd21b2bc3dcba90c373b8fdc937dc84701f3249f228204d060dd23205c7458bfac5bfaf9282a775c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe

Filesize
184KB

MD5
ec1b28471b5c8fef11ce3d5e81ff40e6

SHA1
00afa3f68e015722156615622bbea61c88000d73

SHA256
efe41a52ad42f03f5a76ca7916fd9d8173917fad08719ef105b69aebc2d5d991

SHA512
e6ae699871c66e530aabe032520723539a1b20e5289745477849af16f186d3cf2ac6298bd466ef245d60b95efa62a7dff9006c39abb789f454c33d168a022018

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe

Filesize
184KB

MD5
82c83f9adbae1909aca7ff632bee138d

SHA1
e276d698818da7c32730c698858646e0ff64fef7

SHA256
0f5b97e3e7f7ed9e1d806d2f125cf127acd0d6720bfa23f1aa91d3eb0f5fe498

SHA512
561f26606ef70b306cfb6fe09915fdd749a6d20bf76daeaa25e2b1295850409b6faed605b507c98e6d35af1a904875bbd4a30f40c7104d068dbae3da6704c17a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe

Filesize
184KB

MD5
0183a57472ffe0a31f3bbf5446a26294

SHA1
6d08e0e4a1192b8bf3365941bfffd7c75757cb85

SHA256
f391871ce53b22c0b2ae3fe43a5792cd0637a5c87c029f99ee13281d159bfaba

SHA512
a8b1237dc4df1de2c5e51e5bc20f7ae58ac7d4c87e9f06e1ccd12faf15a775eba9afd236cc03c8a7cafcc5acd95d2d5368e1d819389cef6e5f1cfe9a29ce7e23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40897.exe

Filesize
184KB

MD5
2d68845f34a09ce35c6c51970b3d5194

SHA1
b953f9c5c177069a39b98944fd7b9ae0d57fcc36

SHA256
74eaf4bf1612987f557833c3d23ee26f3ea6ebde571a37b65a61ce9840f4804a

SHA512
0df29654e90ad25f4cb5854eab380faeaae1b82eb9855554392c18be2fa7d15a3ae3da0794507523064056373e0bfe14a4983a2b5e4396193c4c6f44039cc681

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe

Filesize
184KB

MD5
a77c12b65ad8086b3359560e6b6e2608

SHA1
35066e7e8d60a855b2091265a80983f37d4c6097

SHA256
88b6cc8f333254965ac5bb043b119f88e018733f5ff3135afce418bc0456280f

SHA512
95163ebddb9114f455e5c3fb9357ad3a9d1bdbf5489295ba51699203598b5ab93178caccad4451d8e4edc54b6457270f76ff3324788d718750182960ec77c119

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe

Filesize
184KB

MD5
0de3e511ebda40a38394b2601dcea54a

SHA1
a371b10140b92da99447a478c1f996e8905f05ec

SHA256
df70f4ffd539524e09b157281c2000d2021fd1cab84cd4b4f95b8ec1e5aeb311

SHA512
7c64906a400f54eedc330d66a9f07d2f9271143bc52fc65fe8d53bef6281fc0fb749665e21e09cbd2145d1fda315942b827ab095e58a0981925a26cd31be37bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe

Filesize
184KB

MD5
e3e97b5a33a269a66420588859659925

SHA1
1cf32e616f338793c02aa102c5cd2a0d9227548a

SHA256
dfd064e6ae46ee1ab73779d8bd1c464a6b8c32e50ccb80256da0ded30b01b543

SHA512
2151cbf153a6bd1d682c23e5db26e37b75d8cddb69b8037dfc13f067f7e90a11c0b0798a5911a64199131e202a2742590ce1a06ecd9e11df96273d6f864ad57e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe

Filesize
184KB

MD5
4c46572e8b0dd42b9c3cbd87ea4098d7

SHA1
9af8d1b36a42e897c70d6a764328cc23032546cf

SHA256
a6ef4eb7020b83f0261e1a058adfc7ed0260164a2e089defb50c69cde282506f

SHA512
1760bb2cc0eb7a78b770f97599a312bd333cb468148e45debd5cb950df3e0d48669e999ef26269e142862a67400013a07e607392f4729190533d9e223229a444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe

Filesize
184KB

MD5
db167ba26d6226744b267c46a60149d8

SHA1
407f508b3aa91e89102f0d06d12f71235667f629

SHA256
5494406914ab842fd881123c77e8f6e4c1ebe47eaa01fbc1b335139d22876e1e

SHA512
c78fe58a1a4da36e21ef6a7dcce3abd427e8e9c8e348ddab40284140a952850b56717707fbb534e8bd0108b3cce0d2014e2d4c51461ad6a7a8842b21725938aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe

Filesize
184KB

MD5
c136620a3fd3d76fb993c444663e98d1

SHA1
69290a84d0fb4454a026c4ac43427b6c60f35008

SHA256
3e5cb47de0f5f49bb85dd72d78ce1815c13708f3dc628722b91eac85ee4dea70

SHA512
b267b54a4e8f7b660cc792d510618ce3fb83352fa3ca5a1d3f8a19af49f5197fbe631d5f81992f8b354fc98812fd3e7fea5d77d517bab76ba1b4062262e72e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe

Filesize
184KB

MD5
7468d606047de249928267e2b0d240d6

SHA1
3d7245e89a8aed98f38c2077cd7fd6255ff1393c

SHA256
cbf5fa9a431f12ba00be8c8d7681ceca61a2d7e5f526065dbdcca085a6b21946

SHA512
9538734488c14e4f28b06c64025e60d57d55fac789f7c5b29eadc86b44dce6364b5cf2b9ba40aaaaa81b87982344ece95641b874d49d144fdfb596d798012d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe

Filesize
184KB

MD5
7185f8269bbfd36f22826c84ff4d7f8c

SHA1
b78abb511a849454c7a102073293b0ebc9869517

SHA256
638efadd8a74a78b6335dec148cf37fac7aaa7c1ffa371173c8c0af4f61dbad6

SHA512
fd44027c4e62a7fad6b2058ab05de5468402095cdd9b3c9fc6f6ff09ce6e91e12cba018a3266e56d12506ec3f2534b39172860c55862ca9d6f66705baf0b164e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe

Filesize
184KB

MD5
1c36a49545f710ac15bef3afa5dbaf24

SHA1
8b7674927d8df3718935608a5552269653f569a7

SHA256
0371ae75a0f5c523991bd85522d3ff96c3c2d6323d7004b5cb6c885e237f5960

SHA512
0085feea15fc682527997ae8639b3d8652e50da28a7c5e5fa940a9dfd370b0215733e094dfb69a3d1bed90acea7d2075ae200d87084ea1e33a1dc33d36b27f82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe

Filesize
184KB

MD5
92a12ee0a6f8dfe11d87221c932d01aa

SHA1
1dd8a73825dfbc0fbc210b841a26501c14707ca3

SHA256
4c4a0c954cf6fa3f0e73035a70e548b9bc211df570ca852974f360072bc0cca7

SHA512
9e1388bffe61e3e87f5058ecbbe9d53b1e889e6f7635cc8a711c4e43ceb2401648148139a14d9107956948671f28140925a991678fb230f07b8e7141f06a5966

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe

Filesize
184KB

MD5
3968db2da18a982e6ba74c6f6349e40e

SHA1
02c0ff9d957e4737335fd63813d6643a349376e1

SHA256
e37572b2710dd4d9b200bb8a2e51a616c949786b78582861011325145f1933eb

SHA512
99b3953f872a955ea3c22b76aed69f934048271e4e93dda82dddc0f9c1edaa4d0d41e10c7735cde280c61325208dee62190bcd98f3a66f6806c1dfc4692383a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe

Filesize
184KB

MD5
aed6c1c70b55f6dd6fc09fe54bba4dae

SHA1
ad0c7faf60517615405ce1961a86e1abfae2641c

SHA256
bd6a65db9fee70a9fa7c88b3bd4862fbd803c0e50f62b89b1afaac0c7487a1a0

SHA512
930f2b5636f64821a1a183c4675f48835ce4bf332d81aabcf59a45319b19cca882ce5eeff4df4fad15e40ea970838fda1a5934bcfcf87a0e8a5fc0464daebaaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe

Filesize
184KB

MD5
fa8987b4fee356fb3d5186b67c9def1f

SHA1
c7adc4f621d60825cad40919d18d302e2761c5c2

SHA256
f3ec644c5f5ec19bbfe13477c2b5c92bf94438d2306aba2830eca955a0e1bbd0

SHA512
4fd11515144455676dd6adf1979d7740962d78bb021e802cbc36cc5b4752eac6540215d30bea31a96f0e0c5829e2fdec056710ede1b555bc5967ca6b56147859

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe

Filesize
184KB

MD5
b3eab3d35f4182ad52229159c78b1d5d

SHA1
2f6408f8d133faac842d503de3e71322c3be2749

SHA256
1b70076233b91aa20858877b40ffb471d98785ba0be100eba55cfd50c3f49f2f

SHA512
635bf0cb29c543bd0a30cf774fd3ca29900213a60dbacad7fa8b5c3f0aa783f68fb1591ae785e8d8a4c4c67b61bf45bb6a82830a1ed44b168a60efdba1862c33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe

Filesize
184KB

MD5
90d834fea5a723981ef712851f94827c

SHA1
e5688dd5d90ce40863309eca0d9187044e4783f4

SHA256
d4f9a95949bf81e263d7ef23f0c3231219bf3e57e17f780c9d8ceee90e3a2a87

SHA512
4bb03f3c9bfce98f15dd0994d83faeb68d2a2def07c103adf5d6799c1cbb2f1034dc0c9adde0de97c2e9bb32e1440e029c220bb7bdba2dcbce4510610d5ec7dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe

Filesize
184KB

MD5
c331512a2110c620cdf1839eb5234605

SHA1
371118792077882f09463be62d32325a18afaa4f

SHA256
1e6eec20bd130506f6c062226756343336e5931bc7da7483c4153f114e45523b

SHA512
663d48d84fab14f504debf41351ed4b0856c467f37b1110c12564d883447c26ad207a2800b2cf131be61ce180c42952feb4bd69c4531a561df698ca0eef5136b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe

Filesize
184KB

MD5
9c459cc3a2ebfc1a411782fa1e8c4de9

SHA1
45e64584b3a274b8dfbea227d42517e9f0ce2da6

SHA256
49a825e8ad95d3b9efad55fb68b01f11748856cc3d3eabf5892759d8055c5b2b

SHA512
307e299c674bd4ad3ea10f2f6b1fd0f9dcfb356af9292d8df640375d75163ecdcc6f31f7b933fc31dad2fa4ab2da1eeba428bd533e09c74e29d6036128659558

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe

Filesize
184KB

MD5
d80a756cc3fadce15f3c5f30ad5ceee8

SHA1
f42b859421b6b7f3a79feaee830b244e8557763f

SHA256
b17230ee2090f56c5d7a452f9f6b515fb9b82f359c855def7283fcd88310beb7

SHA512
5874175e69e9b898313358b96e6cdcb8457f4705c2bb41db2a7dee893fb438dbbec111cd49bbaa57a360f8870ef008262c51e1c0b2fbd5bf0b627293c2c7b4bf

Download Submit