6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe
Size

184KB
MD5

77d5a4c89e1ce17a55f341e4362899fd
SHA1

a4c54f55e63f9337bf92db893dec2a86171c155f
SHA256

6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3
SHA512

7fad3846208eee06894f497c6768849b86c48243dd38cfdd8669ed230dc94d2825546cc3eee85b096b3d0d9fa9d6eabd445d11a7288d3e15b791a2c1a7b4348a
SSDEEP

3072:NyJa6kosFJOnu0BWeCgLrKZZhlnViFfn3:Ny+oTu0BBLeZZhlnViFf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-53984.exeUnicorn-15172.exeUnicorn-29925.exeUnicorn-315.exeUnicorn-50907.exeUnicorn-20181.exeUnicorn-24540.exeUnicorn-8758.exeUnicorn-32708.exeUnicorn-6065.exeUnicorn-51737.exeUnicorn-53787.exeUnicorn-3195.exeUnicorn-61955.exeUnicorn-61955.exeUnicorn-502.exeUnicorn-46174.exeUnicorn-15447.exeUnicorn-12515.exeUnicorn-10014.exeUnicorn-44825.exeUnicorn-2401.exeUnicorn-7876.exeUnicorn-22629.exeUnicorn-42495.exeUnicorn-42495.exeUnicorn-15853.exeUnicorn-61524.exeUnicorn-30797.exeUnicorn-24296.exeUnicorn-6013.exeUnicorn-20958.exeUnicorn-14181.exeUnicorn-59853.exeUnicorn-48992.exeUnicorn-3683.exeUnicorn-34964.exeUnicorn-40632.exeUnicorn-44716.exeUnicorn-13989.exeUnicorn-13989.exeUnicorn-48800.exeUnicorn-33018.exeUnicorn-52884.exeUnicorn-2292.exeUnicorn-21520.exeUnicorn-36464.exeUnicorn-41940.exeUnicorn-23274.exeUnicorn-38218.exeUnicorn-14036.exeUnicorn-39610.exeUnicorn-37149.exeUnicorn-57015.exeUnicorn-6423.exeUnicorn-12967.exeUnicorn-14783.exeUnicorn-3922.exeUnicorn-20259.exeUnicorn-43371.exeUnicorn-26865.exeUnicorn-11083.exeUnicorn-46086.exeUnicorn-35225.exe

pid	process
1288	Unicorn-53984.exe
1732	Unicorn-15172.exe
2412	Unicorn-29925.exe
2672	Unicorn-315.exe
2712	Unicorn-50907.exe
2748	Unicorn-20181.exe
2532	Unicorn-24540.exe
2992	Unicorn-8758.exe
1292	Unicorn-32708.exe
1788	Unicorn-6065.exe
1936	Unicorn-51737.exe
1564	Unicorn-53787.exe
2832	Unicorn-3195.exe
3064	Unicorn-61955.exe
1192	Unicorn-61955.exe
2056	Unicorn-502.exe
1328	Unicorn-46174.exe
1740	Unicorn-15447.exe
1860	Unicorn-12515.exe
1128	Unicorn-10014.exe
1916	Unicorn-44825.exe
1360	Unicorn-2401.exe
1380	Unicorn-7876.exe
1868	Unicorn-22629.exe
1928	Unicorn-42495.exe
1616	Unicorn-42495.exe
3040	Unicorn-15853.exe
3020	Unicorn-61524.exe
1500	Unicorn-30797.exe
2932	Unicorn-24296.exe
1068	Unicorn-6013.exe
1088	Unicorn-20958.exe
2204	Unicorn-14181.exe
1284	Unicorn-59853.exe
2648	Unicorn-48992.exe
2540	Unicorn-3683.exe
2696	Unicorn-34964.exe
1736	Unicorn-40632.exe
2588	Unicorn-44716.exe
2140	Unicorn-13989.exe
2560	Unicorn-13989.exe
2960	Unicorn-48800.exe
2172	Unicorn-33018.exe
2408	Unicorn-52884.exe
2028	Unicorn-2292.exe
1604	Unicorn-21520.exe
2944	Unicorn-36464.exe
2304	Unicorn-41940.exe
1636	Unicorn-23274.exe
1156	Unicorn-38218.exe
1872	Unicorn-14036.exe
1660	Unicorn-39610.exe
1924	Unicorn-37149.exe
1864	Unicorn-57015.exe
2880	Unicorn-6423.exe
1348	Unicorn-12967.exe
824	Unicorn-14783.exe
2272	Unicorn-3922.exe
1940	Unicorn-20259.exe
3000	Unicorn-43371.exe
2632	Unicorn-26865.exe
2740	Unicorn-11083.exe
2668	Unicorn-46086.exe
2764	Unicorn-35225.exe

Loads dropped DLL 64 IoCs

Processes:

6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exeUnicorn-53984.exeUnicorn-15172.exeUnicorn-29925.exeWerFault.exeUnicorn-50907.exeUnicorn-20181.exeUnicorn-315.exeWerFault.exeWerFault.exeUnicorn-24540.exeUnicorn-32708.exeUnicorn-8758.exeUnicorn-6065.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe
2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe
1288	Unicorn-53984.exe
1288	Unicorn-53984.exe
2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe
2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe
1732	Unicorn-15172.exe
2412	Unicorn-29925.exe
1288	Unicorn-53984.exe
1732	Unicorn-15172.exe
2412	Unicorn-29925.exe
1288	Unicorn-53984.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2712	Unicorn-50907.exe
2712	Unicorn-50907.exe
1732	Unicorn-15172.exe
1732	Unicorn-15172.exe
2748	Unicorn-20181.exe
2748	Unicorn-20181.exe
2672	Unicorn-315.exe
2672	Unicorn-315.exe
2412	Unicorn-29925.exe
2412	Unicorn-29925.exe
1832	WerFault.exe
1832	WerFault.exe
1832	WerFault.exe
1832	WerFault.exe
1832	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2532	Unicorn-24540.exe
2532	Unicorn-24540.exe
2712	Unicorn-50907.exe
2712	Unicorn-50907.exe
1292	Unicorn-32708.exe
2992	Unicorn-8758.exe
1292	Unicorn-32708.exe
2992	Unicorn-8758.exe
1788	Unicorn-6065.exe
2748	Unicorn-20181.exe
1788	Unicorn-6065.exe
2748	Unicorn-20181.exe
2672	Unicorn-315.exe
2672	Unicorn-315.exe
648	WerFault.exe
648	WerFault.exe
648	WerFault.exe
648	WerFault.exe
648	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2608	2416	WerFault.exe	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe
2780	1288	WerFault.exe	Unicorn-53984.exe
1832	1732	WerFault.exe	Unicorn-15172.exe
2808	2412	WerFault.exe	Unicorn-29925.exe
648	2712	WerFault.exe	Unicorn-50907.exe
1692	2748	WerFault.exe	Unicorn-20181.exe
2312	2672	WerFault.exe	Unicorn-315.exe
940	2056	WerFault.exe	Unicorn-502.exe
1056	2532	WerFault.exe	Unicorn-24540.exe
1744	2992	WerFault.exe	Unicorn-8758.exe
1960	1292	WerFault.exe	Unicorn-32708.exe
3052	1936	WerFault.exe	Unicorn-51737.exe
1400	1788	WerFault.exe	Unicorn-6065.exe
348	2832	WerFault.exe	Unicorn-3195.exe
1724	1564	WerFault.exe	Unicorn-53787.exe
2112	1192	WerFault.exe	Unicorn-61955.exe
2060	1328	WerFault.exe	Unicorn-46174.exe
2400	1740	WerFault.exe	Unicorn-15447.exe
956	3064	WerFault.exe	Unicorn-61955.exe
2816	1860	WerFault.exe	Unicorn-12515.exe
332	1128	WerFault.exe	Unicorn-10014.exe
2376	1916	WerFault.exe	Unicorn-44825.exe
1856	1360	WerFault.exe	Unicorn-2401.exe
3036	1380	WerFault.exe	Unicorn-7876.exe
1560	3020	WerFault.exe	Unicorn-61524.exe
2928	1500	WerFault.exe	Unicorn-30797.exe
288	1928	WerFault.exe	Unicorn-42495.exe
1516	3040	WerFault.exe	Unicorn-15853.exe
2692	1868	WerFault.exe	Unicorn-22629.exe
2976	1616	WerFault.exe	Unicorn-42495.exe
2380	1088	WerFault.exe	Unicorn-20958.exe
1528	1284	WerFault.exe	Unicorn-59853.exe
2192	2696	WerFault.exe	Unicorn-34964.exe
2164	1068	WerFault.exe	Unicorn-6013.exe
2012	2648	WerFault.exe	Unicorn-48992.exe
2016	1736	WerFault.exe	Unicorn-40632.exe
3176	2960	WerFault.exe	Unicorn-48800.exe
3204	2408	WerFault.exe	Unicorn-52884.exe
3212	2560	WerFault.exe	Unicorn-13989.exe
3436	2204	WerFault.exe	Unicorn-14181.exe
3492	2540	WerFault.exe	Unicorn-3683.exe
3500	2140	WerFault.exe	Unicorn-13989.exe
3516	2028	WerFault.exe	Unicorn-2292.exe
3640	2172	WerFault.exe	Unicorn-33018.exe
3656	2588	WerFault.exe	Unicorn-44716.exe
3944	1604	WerFault.exe	Unicorn-21520.exe
3860	1636	WerFault.exe	Unicorn-23274.exe
1996	2304	WerFault.exe	Unicorn-41940.exe
3272	2740	WerFault.exe	Unicorn-11083.exe
3704	1820	WerFault.exe	Unicorn-4498.exe
3880	2944	WerFault.exe	Unicorn-36464.exe
3904	1924	WerFault.exe	Unicorn-37149.exe
3968	2580	WerFault.exe	Unicorn-54254.exe
3876	692	WerFault.exe	Unicorn-40631.exe
3924	1392	WerFault.exe	Unicorn-25687.exe
4084	2764	WerFault.exe	Unicorn-35225.exe
3152	1940	WerFault.exe	Unicorn-20259.exe
3320	1080	WerFault.exe	Unicorn-21603.exe
3524	1872	WerFault.exe	Unicorn-14036.exe
3856	1952	WerFault.exe	Unicorn-36377.exe
4008	2640	WerFault.exe	Unicorn-50575.exe
4160	2548	WerFault.exe	Unicorn-62827.exe
4208	2256	WerFault.exe	Unicorn-63574.exe
4308	2568	WerFault.exe	Unicorn-42961.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exeUnicorn-53984.exeUnicorn-15172.exeUnicorn-29925.exeUnicorn-50907.exeUnicorn-20181.exeUnicorn-315.exeUnicorn-24540.exeUnicorn-8758.exeUnicorn-32708.exeUnicorn-51737.exeUnicorn-6065.exeUnicorn-53787.exeUnicorn-3195.exeUnicorn-61955.exeUnicorn-46174.exeUnicorn-61955.exeUnicorn-502.exeUnicorn-15447.exeUnicorn-12515.exeUnicorn-10014.exeUnicorn-44825.exeUnicorn-2401.exeUnicorn-7876.exeUnicorn-42495.exeUnicorn-42495.exeUnicorn-22629.exeUnicorn-15853.exeUnicorn-61524.exeUnicorn-30797.exeUnicorn-24296.exeUnicorn-6013.exeUnicorn-20958.exeUnicorn-14181.exeUnicorn-48992.exeUnicorn-59853.exeUnicorn-3683.exeUnicorn-34964.exeUnicorn-40632.exeUnicorn-44716.exeUnicorn-13989.exeUnicorn-13989.exeUnicorn-48800.exeUnicorn-33018.exeUnicorn-52884.exeUnicorn-2292.exeUnicorn-21520.exeUnicorn-36464.exeUnicorn-41940.exeUnicorn-23274.exeUnicorn-38218.exeUnicorn-14036.exeUnicorn-39610.exeUnicorn-37149.exeUnicorn-57015.exeUnicorn-6423.exeUnicorn-12967.exeUnicorn-14783.exeUnicorn-3922.exeUnicorn-20259.exeUnicorn-43371.exeUnicorn-26865.exeUnicorn-11083.exeUnicorn-35225.exe

pid	process
2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe
1288	Unicorn-53984.exe
1732	Unicorn-15172.exe
2412	Unicorn-29925.exe
2712	Unicorn-50907.exe
2748	Unicorn-20181.exe
2672	Unicorn-315.exe
2532	Unicorn-24540.exe
2992	Unicorn-8758.exe
1292	Unicorn-32708.exe
1936	Unicorn-51737.exe
1788	Unicorn-6065.exe
1564	Unicorn-53787.exe
2832	Unicorn-3195.exe
1192	Unicorn-61955.exe
1328	Unicorn-46174.exe
3064	Unicorn-61955.exe
2056	Unicorn-502.exe
1740	Unicorn-15447.exe
1860	Unicorn-12515.exe
1128	Unicorn-10014.exe
1916	Unicorn-44825.exe
1360	Unicorn-2401.exe
1380	Unicorn-7876.exe
1928	Unicorn-42495.exe
1616	Unicorn-42495.exe
1868	Unicorn-22629.exe
3040	Unicorn-15853.exe
3020	Unicorn-61524.exe
1500	Unicorn-30797.exe
2932	Unicorn-24296.exe
1068	Unicorn-6013.exe
1088	Unicorn-20958.exe
2204	Unicorn-14181.exe
2648	Unicorn-48992.exe
1284	Unicorn-59853.exe
2540	Unicorn-3683.exe
2696	Unicorn-34964.exe
1736	Unicorn-40632.exe
2588	Unicorn-44716.exe
2140	Unicorn-13989.exe
2560	Unicorn-13989.exe
2960	Unicorn-48800.exe
2172	Unicorn-33018.exe
2408	Unicorn-52884.exe
2028	Unicorn-2292.exe
1604	Unicorn-21520.exe
2944	Unicorn-36464.exe
2304	Unicorn-41940.exe
1636	Unicorn-23274.exe
1156	Unicorn-38218.exe
1872	Unicorn-14036.exe
1660	Unicorn-39610.exe
1924	Unicorn-37149.exe
1864	Unicorn-57015.exe
2880	Unicorn-6423.exe
1348	Unicorn-12967.exe
824	Unicorn-14783.exe
2272	Unicorn-3922.exe
1940	Unicorn-20259.exe
3000	Unicorn-43371.exe
2632	Unicorn-26865.exe
2740	Unicorn-11083.exe
1152	Unicorn-35225.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exeUnicorn-53984.exeUnicorn-15172.exeUnicorn-29925.exeUnicorn-50907.exeUnicorn-20181.exeUnicorn-315.exeUnicorn-24540.exe

description	pid	process	target process
PID 2416 wrote to memory of 1288	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	Unicorn-53984.exe
PID 2416 wrote to memory of 1288	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	Unicorn-53984.exe
PID 2416 wrote to memory of 1288	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	Unicorn-53984.exe
PID 2416 wrote to memory of 1288	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	Unicorn-53984.exe
PID 1288 wrote to memory of 1732	1288	Unicorn-53984.exe	Unicorn-15172.exe
PID 1288 wrote to memory of 1732	1288	Unicorn-53984.exe	Unicorn-15172.exe
PID 1288 wrote to memory of 1732	1288	Unicorn-53984.exe	Unicorn-15172.exe
PID 1288 wrote to memory of 1732	1288	Unicorn-53984.exe	Unicorn-15172.exe
PID 2416 wrote to memory of 2412	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	Unicorn-29925.exe
PID 2416 wrote to memory of 2412	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	Unicorn-29925.exe
PID 2416 wrote to memory of 2412	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	Unicorn-29925.exe
PID 2416 wrote to memory of 2412	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	Unicorn-29925.exe
PID 2416 wrote to memory of 2608	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	WerFault.exe
PID 2416 wrote to memory of 2608	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	WerFault.exe
PID 2416 wrote to memory of 2608	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	WerFault.exe
PID 2416 wrote to memory of 2608	2416	6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe	WerFault.exe
PID 1732 wrote to memory of 2712	1732	Unicorn-15172.exe	Unicorn-50907.exe
PID 1732 wrote to memory of 2712	1732	Unicorn-15172.exe	Unicorn-50907.exe
PID 1732 wrote to memory of 2712	1732	Unicorn-15172.exe	Unicorn-50907.exe
PID 1732 wrote to memory of 2712	1732	Unicorn-15172.exe	Unicorn-50907.exe
PID 2412 wrote to memory of 2748	2412	Unicorn-29925.exe	Unicorn-20181.exe
PID 2412 wrote to memory of 2748	2412	Unicorn-29925.exe	Unicorn-20181.exe
PID 2412 wrote to memory of 2748	2412	Unicorn-29925.exe	Unicorn-20181.exe
PID 2412 wrote to memory of 2748	2412	Unicorn-29925.exe	Unicorn-20181.exe
PID 1288 wrote to memory of 2672	1288	Unicorn-53984.exe	Unicorn-315.exe
PID 1288 wrote to memory of 2672	1288	Unicorn-53984.exe	Unicorn-315.exe
PID 1288 wrote to memory of 2672	1288	Unicorn-53984.exe	Unicorn-315.exe
PID 1288 wrote to memory of 2672	1288	Unicorn-53984.exe	Unicorn-315.exe
PID 1288 wrote to memory of 2780	1288	Unicorn-53984.exe	WerFault.exe
PID 1288 wrote to memory of 2780	1288	Unicorn-53984.exe	WerFault.exe
PID 1288 wrote to memory of 2780	1288	Unicorn-53984.exe	WerFault.exe
PID 1288 wrote to memory of 2780	1288	Unicorn-53984.exe	WerFault.exe
PID 2712 wrote to memory of 2532	2712	Unicorn-50907.exe	Unicorn-24540.exe
PID 2712 wrote to memory of 2532	2712	Unicorn-50907.exe	Unicorn-24540.exe
PID 2712 wrote to memory of 2532	2712	Unicorn-50907.exe	Unicorn-24540.exe
PID 2712 wrote to memory of 2532	2712	Unicorn-50907.exe	Unicorn-24540.exe
PID 1732 wrote to memory of 2992	1732	Unicorn-15172.exe	Unicorn-8758.exe
PID 1732 wrote to memory of 2992	1732	Unicorn-15172.exe	Unicorn-8758.exe
PID 1732 wrote to memory of 2992	1732	Unicorn-15172.exe	Unicorn-8758.exe
PID 1732 wrote to memory of 2992	1732	Unicorn-15172.exe	Unicorn-8758.exe
PID 2748 wrote to memory of 1292	2748	Unicorn-20181.exe	Unicorn-32708.exe
PID 2748 wrote to memory of 1292	2748	Unicorn-20181.exe	Unicorn-32708.exe
PID 2748 wrote to memory of 1292	2748	Unicorn-20181.exe	Unicorn-32708.exe
PID 2748 wrote to memory of 1292	2748	Unicorn-20181.exe	Unicorn-32708.exe
PID 2672 wrote to memory of 1788	2672	Unicorn-315.exe	Unicorn-6065.exe
PID 2672 wrote to memory of 1788	2672	Unicorn-315.exe	Unicorn-6065.exe
PID 2672 wrote to memory of 1788	2672	Unicorn-315.exe	Unicorn-6065.exe
PID 2672 wrote to memory of 1788	2672	Unicorn-315.exe	Unicorn-6065.exe
PID 2412 wrote to memory of 1936	2412	Unicorn-29925.exe	Unicorn-51737.exe
PID 2412 wrote to memory of 1936	2412	Unicorn-29925.exe	Unicorn-51737.exe
PID 2412 wrote to memory of 1936	2412	Unicorn-29925.exe	Unicorn-51737.exe
PID 2412 wrote to memory of 1936	2412	Unicorn-29925.exe	Unicorn-51737.exe
PID 1732 wrote to memory of 1832	1732	Unicorn-15172.exe	WerFault.exe
PID 1732 wrote to memory of 1832	1732	Unicorn-15172.exe	WerFault.exe
PID 1732 wrote to memory of 1832	1732	Unicorn-15172.exe	WerFault.exe
PID 1732 wrote to memory of 1832	1732	Unicorn-15172.exe	WerFault.exe
PID 2412 wrote to memory of 2808	2412	Unicorn-29925.exe	WerFault.exe
PID 2412 wrote to memory of 2808	2412	Unicorn-29925.exe	WerFault.exe
PID 2412 wrote to memory of 2808	2412	Unicorn-29925.exe	WerFault.exe
PID 2412 wrote to memory of 2808	2412	Unicorn-29925.exe	WerFault.exe
PID 2532 wrote to memory of 1564	2532	Unicorn-24540.exe	Unicorn-53787.exe
PID 2532 wrote to memory of 1564	2532	Unicorn-24540.exe	Unicorn-53787.exe
PID 2532 wrote to memory of 1564	2532	Unicorn-24540.exe	Unicorn-53787.exe
PID 2532 wrote to memory of 1564	2532	Unicorn-24540.exe	Unicorn-53787.exe

C:\Users\Admin\AppData\Local\Temp\6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe
"C:\Users\Admin\AppData\Local\Temp\6c5808d2b80185ddc8099c31469fe30541b1e15763b11b028c509cb78a1703f3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-15172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15172.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-14181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14181.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
10⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
11⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
12⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
13⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\Unicorn-39320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39320.exe
14⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
15⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11060 -s 220
15⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 220
14⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
13⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
12⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
11⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
10⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
11⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-2490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2490.exe
12⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
13⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
14⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 220
14⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
13⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
12⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
11⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
10⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
9⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
10⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
11⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
12⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
13⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
14⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 220
14⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
13⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 236
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
11⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
10⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
9⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
9⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-43149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43149.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-18173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18173.exe
11⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
12⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
13⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
14⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
14⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 220
13⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 220
12⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
11⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
10⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
9⤵
- Program crash
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
8⤵
- Program crash
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
9⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
10⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
11⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
12⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-30555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30555.exe
13⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
14⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
14⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
13⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 236
12⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
11⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
10⤵
- Program crash
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-26900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26900.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
10⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
11⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-212.exe
12⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
13⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 216
13⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
12⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
11⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
10⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
9⤵
- Program crash
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
8⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
9⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-12661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12661.exe
10⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
11⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
12⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
13⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
13⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
12⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
11⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
10⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
9⤵
- Program crash
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
8⤵
- Program crash
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
7⤵
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
9⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
10⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
11⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-63860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63860.exe
12⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
13⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
14⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 220
14⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
12⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
11⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
10⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
10⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-25049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25049.exe
11⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-63331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63331.exe
12⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-1912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1912.exe
13⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11256 -s 220
13⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 220
12⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
11⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
10⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 220
9⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
8⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
10⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
11⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
12⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
13⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
13⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
12⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
11⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
10⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
9⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
- Program crash
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-6423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6423.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
8⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
11⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
12⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
13⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 216
13⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
12⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
11⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
10⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
10⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
11⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
12⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 236
12⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
11⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 220
10⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
9⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
8⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
7⤵
- Program crash
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
6⤵
- Program crash
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
9⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
10⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
11⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
12⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
13⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43290.exe
14⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 216
14⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
13⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
12⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
11⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
10⤵
- Program crash
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-14264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14264.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
10⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
11⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-15339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15339.exe
12⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
13⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
13⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
12⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
11⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
10⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
9⤵
- Program crash
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
8⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
10⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
11⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 220
12⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
11⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
9⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
8⤵
- Program crash
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
8⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
9⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
10⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
11⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
12⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
13⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 236
13⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
12⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
11⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
10⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
9⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
10⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
11⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
12⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
11⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
10⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
7⤵
- Program crash
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
8⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
9⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
11⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
12⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-17725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17725.exe
13⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
13⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
12⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 236
11⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 216
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
9⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
11⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
12⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
11⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
10⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
8⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
11⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
12⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
11⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
10⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
9⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
8⤵
- Program crash
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
7⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-31800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31800.exe
8⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
10⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
11⤵
PID:10004

C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe
12⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 220
12⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
11⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
10⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
9⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
7⤵
- Program crash
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
6⤵
- Program crash
PID:348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:648

C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-16149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16149.exe
9⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
10⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
11⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
12⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
13⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
14⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
14⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
13⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 236
12⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
11⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
10⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
12⤵
PID:11432

C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
13⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
12⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 236
11⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
8⤵
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
10⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
11⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
12⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
13⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10460 -s 216
13⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
12⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
11⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
10⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 216
9⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
- Program crash
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
8⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-27114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27114.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
11⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
12⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
13⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
13⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
12⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
10⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
10⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 212
11⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
10⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
9⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
8⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
7⤵
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
8⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
9⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
11⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
12⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
11⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
10⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
9⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
10⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
11⤵
PID:9680

C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
11⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
10⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
9⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
8⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
10⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
11⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
12⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
12⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
11⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 236
10⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
9⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
8⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
7⤵
- Program crash
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
6⤵
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
7⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-32568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32568.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
10⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
11⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
12⤵
PID:1148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 236
11⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 236
10⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
9⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
8⤵
- Program crash
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
7⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
6⤵
- Executes dropped EXE
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
7⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 220
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
7⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
8⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
9⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-41074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41074.exe
10⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
11⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 220
11⤵
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
10⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 220
9⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
8⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
7⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
6⤵
- Program crash
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
5⤵
- Program crash
PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
6⤵
- Program crash
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
8⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-31006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31006.exe
9⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
10⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
11⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
12⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
13⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 216
13⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
12⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
11⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
10⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
10⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
11⤵
PID:9496

C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
12⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
12⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
11⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
10⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
9⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
8⤵
- Program crash
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
7⤵
PID:556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
8⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
7⤵
- Program crash
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
7⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-28479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28479.exe
9⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
10⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
11⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 220
11⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
10⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 216
8⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
7⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
8⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
9⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
10⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
11⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11092 -s 216
11⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 220
10⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 220
9⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
8⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
7⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
6⤵
- Program crash
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
5⤵
- Program crash
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-15447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15447.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-29963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29963.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
11⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 212
12⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
11⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
9⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe
10⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
11⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 212
12⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 220
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
10⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
7⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
9⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
10⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
11⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
12⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 220
12⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
11⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 220
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
8⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
7⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-11083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11083.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
9⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
10⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
11⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
12⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
12⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
10⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
8⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
7⤵
- Program crash
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 220
6⤵
- Program crash
PID:288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
5⤵
- Program crash
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
8⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
9⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
10⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
11⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
12⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
13⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-4844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4844.exe
14⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 216
14⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 220
13⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
12⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
11⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
11⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
12⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
13⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 216
13⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
11⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
10⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
8⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
10⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
11⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
12⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
13⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 216
13⤵
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 220
12⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
9⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
8⤵
- Program crash
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
7⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
8⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
9⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
10⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
11⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 236
12⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
10⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
9⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
10⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
11⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
12⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
11⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
10⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
9⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
8⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
7⤵
- Program crash
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
7⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
8⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
10⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
11⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
12⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
13⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 216
13⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 236
12⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
11⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 216
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
10⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-34852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34852.exe
11⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
12⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 216
12⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
11⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
10⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
9⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
8⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
7⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
9⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
10⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
11⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
12⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 216
12⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 220
11⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
10⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
9⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
8⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
- Program crash
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
6⤵
- Program crash
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
7⤵
- Executes dropped EXE
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
8⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-28998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28998.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
10⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
11⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
12⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
11⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
10⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
8⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
10⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-31323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31323.exe
11⤵
PID:10036

C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
12⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 220
12⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 236
11⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 236
10⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
9⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
8⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 220
7⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
6⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
7⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
9⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
10⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
11⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
12⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 220
12⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 220
11⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
9⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
8⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
7⤵
- Program crash
PID:3968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 220
6⤵
- Program crash
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
5⤵
- Program crash
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
7⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
8⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
11⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
12⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 200
13⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
12⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
10⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
9⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
8⤵
- Program crash
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
7⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-56356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56356.exe
9⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
10⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
11⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 236
11⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
10⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
9⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
8⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
7⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
6⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-50959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50959.exe
7⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
11⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
12⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10512 -s 216
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
10⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
9⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
7⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
8⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
9⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
10⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
11⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
11⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
10⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
9⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
8⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
6⤵
- Program crash
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
7⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
9⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
10⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
11⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
11⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
10⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
8⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
8⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
9⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
10⤵
PID:10552

C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
11⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10552 -s 220
11⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
10⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
9⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
8⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
7⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
6⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
7⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
8⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
9⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
10⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
11⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 216
11⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
10⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
9⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
8⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
7⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 220
6⤵
- Program crash
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
5⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-25687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25687.exe
7⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
10⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe
11⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
11⤵
PID:9540

C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
12⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 216
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 240
11⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
9⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 236
8⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
7⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
10⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-39507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39507.exe
11⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
11⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 236
10⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
8⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
7⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe
6⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-62526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62526.exe
7⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
9⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe
10⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
11⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
11⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 236
10⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
8⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 236
7⤵
- Program crash
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-21603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21603.exe
6⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
8⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
9⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
10⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
11⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 236
11⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
10⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
9⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
8⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
7⤵
- Program crash
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
6⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
7⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
8⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
9⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe
10⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
10⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
9⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 236
8⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
7⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
6⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
5⤵
- Program crash
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
4⤵
- Program crash
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
2⤵
- Program crash
PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-212.exe

Filesize
184KB

MD5
e15695aee98c8a351325f860c92e2e12

SHA1
01fa41b12c64e456d80f396df2b09b78b31eef1b

SHA256
80219f1bb62e05de59141baa2d889ec930005e2c94ac5be4e5394a6de0c42bea

SHA512
eddec7ec6b298c2b8c98944b1ea164b5ac441838e49d4f03a37ef522be51d1c3db00c9d25bb0c158de11d2d5a5715abd1f5b1ded30c7cf8b2aa465b06a1e2122

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe

Filesize
184KB

MD5
3d9246b67f5b45bc0b4598ed5347fe60

SHA1
3573c8a758dc78c5ef097bf3018eb3e2770a449d

SHA256
e720d8357133b6ec74f0a59b5537619d7638fa43ebea306761f770819399dfa9

SHA512
8eec2bda9c0ded9c3e3506113a5843b6d467fef8bd7ebec2b6e4511cc2c812c84ca320d381d5aa4fe918db769479f2e4e592cf29c6db003ec608a6f0b3d22225

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe

Filesize
184KB

MD5
6cc0ef687611a8f77d5eb334b50e3d1e

SHA1
030e91cf2ad1f9b3a2662612d34cea9a01c9b281

SHA256
5b0874c46e777ce380b1ec2f4e9494985402589906986659970531793df354f7

SHA512
beb9c56d4010f93042f0857a7809f9f3f8ad4311964722c9e91781ed7a43a95c1c42d662ef264395bfce85f28aa9d84f998c02c09b5ada2e8c22334ed819f0ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe

Filesize
184KB

MD5
ffa70190d65968146c0fecf9b4cd7f32

SHA1
541745b5165253b82d490a366f60cbbdde3c9523

SHA256
18b1d8ff295131a9f5eca531869f0a618b5f3a6f6a202af2f77af996a1173ba3

SHA512
7a1b02fcf4c40708ea45a714ac6e9ca1ac4ef8e3938a445638cacfa3b1e5d671d935e2988bb056cff9b9dc4bd99c5a09961d889a153c4ee7467b1437d1ba0a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32657.exe

Filesize
184KB

MD5
fad0f0a1c252434cead8dfb8d0f0cdd3

SHA1
c7db7880e572aa7953746ecfdd82960667eb106e

SHA256
52e3a2be76d0dbd7da623d3a7474c6d1cca55d3b693b7f49016e74764cf28324

SHA512
f6fb92a0793ed180fbadeb3e89e2c9202076de5fd1aca397145ef4f5ca4861f88c30ca5c02c78e5d544e6d408fcf52d4e6d00dae08ac2cb98469cf87f53f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe

Filesize
184KB

MD5
8ace05722ada81ab0c4e9bb6d8aef344

SHA1
2aa8196a9717828297c55f756160aa01eb3401e1

SHA256
96e056c109a1a7b3d9552a30ab6124fe6ec937eaf8cafbb91e79ee98a277287a

SHA512
4f1b7f03d22395293cb9c48330f1576630355c4c8c0ca544f3ed6c55329ec10f9374748ba91470b5a24b2e2208cb8e82cc83da406b0c4cbfcbd943d04e0db493

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe

Filesize
184KB

MD5
f306618931842985407effbbf766c4ff

SHA1
68d89c3bef985be68e52b56229146499e5c26a5a

SHA256
e378c78af90b3ea77ff7f08b9f7f9b7a65328713e1bddd6b222de96483ec4302

SHA512
a12ebaa9eb608cf6eafdaea53d101035dadf2f45b15f811596a438b184862bf478a6c5aa8c6562c2580db177c175824a762e25d9b45687a10952087c68ba53f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe

Filesize
184KB

MD5
0a288c2997a544086b531a01815b256c

SHA1
a599356163198ee7166b64f28b46ef13cc4e2eae

SHA256
cf175ac9bea66987748d9842a03d8015ee693a9fad4a5caa51a1f800f6025844

SHA512
9062c764a3ea37e73e660e0e98603dfdab66139057322ff68ba0eae35fab379ee3f66c273adac02e5677a6855cf8ab49acb4e55c5d71a4e0433b2e1e3404f5dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe

Filesize
184KB

MD5
91e2a36ddb0e99936406d3a31aaa2bc2

SHA1
e0f93b38e6acd6c0bf1ee9f4d4a7857ae21a44b5

SHA256
8074a6e332b2b4059d899754f34dd06dcea41abfb12cae1f840cac94ed734d9c

SHA512
3a5b773ab536552be4bcdc8b600c1a70edecad0c7c34a26626597c4e85799b8ec2fb4a01c7af30760bc27566a1bcb192258a1e63f03a95e029f334096ac1d28b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe

Filesize
184KB

MD5
82ad9c350e5a7149977fa3277da66b3b

SHA1
7a709a3aa438ccd04496ddaa332b2399771fb41b

SHA256
a02cc36c74d52a64c4e1e82db5e207dff67bf71f28b4ccfa0347428bf0e4c2f9

SHA512
0ef078d3f8231c00610148b5a759c32da7d94bd782b123f4f854e92154a0acc1fabd081687e6fdb7beb279d656480ba58c40b191e818c9495b00120a47134df2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe

Filesize
184KB

MD5
417e62ec3a3e788c558d3fc7abb1f381

SHA1
138c017e54ffb80b0d9ee2f5a526248dba4df79c

SHA256
b30695b93eb565f404939e38059eabf90984097fcecc3a0bc39122cc656e2857

SHA512
a12c2ce5a3a3643f4b197572e68fc1c8cf7be5bb35d210c473c153f261d99a0f00020124d0a424643f6be42217f0bc4be5775c615c3fd729f2c39285fcf89d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe

Filesize
184KB

MD5
09fe3e279a68e22edc4958e306300536

SHA1
0fa304d27ec45e446be0a59f615c6679298494df

SHA256
afa26a722a47d71b11a290c868652bb243b82c6e2bb5784824b9fbc689a0f0f4

SHA512
24de18c8632cb43c2f4d776134edc0799090a7fa76460c0917860d3797e0aa06be82b210f86473453d16a9221ff5e98415b37fb3c9d34ab0b1c61a75e0ca93c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe

Filesize
184KB

MD5
8cbb892f8db6133e93f7d993ecbe9ff0

SHA1
237b0b8e0c8c42fc38349d0fad8b6f6af5ef9917

SHA256
99d4f9415c95c29450f81fb25c9e529a1478ee075ac2c8704884eb8f6afb25d9

SHA512
0ca93ed6598200d408b20921ec70f88a0a5ec7010e3f752ed78c938bbc2722961e6e2294bb70236861e7c51169c3552ff4ccfb7947c67231383f613eb990d67e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe

Filesize
184KB

MD5
c0f0b0d50383b237d61cfe047320fcdb

SHA1
f78a5abec89f2bb89bc1762c3189db9271c297bd

SHA256
3f8ea6c4a26d981ae1c030297a32722d8eed4ecfb7bb04eadbb2794d3e9d4e98

SHA512
1c69c3c11edd4fb787c9bccae180c209cb7607504cce03b1df73c497f72bf26824d13740be6c9530d210e113c5585125f985e33e3a3aede0688bb94bd03f7a31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15172.exe

Filesize
184KB

MD5
bf1483b6cd6751f431c6d3d30911d372

SHA1
4203e7b7945705422a11bdf0618a20b5c82b407c

SHA256
afcb32ae57a08f3e699deae30025f6ad3e6d078f584c2264cfef9e2af1be2d29

SHA512
aa26ffcf43bce629c57281a55559ffee42a9d86c420bb3cdd09687974ecd5865a96eea2af61789edb35c3b9e61e2bebe21e9c9f248cb506ad20cac6c60dcd51d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe

Filesize
184KB

MD5
24e5fc15d4deb89ff11e1365b0325343

SHA1
57cb21a014b2167eab7632bb239e7429820425f9

SHA256
5facd4733500addbc2c75bc677467c40927370ddf06996f062a1a2e634f7c7ad

SHA512
d731e3afb09aa8da9afd30309fcc8fb16ea8745945a33c2cdeeae1a13a60f90646a2f9f785bccb8e7be6d5fd370e261d8ea188270a8a627646932865639d6d40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe

Filesize
184KB

MD5
10a8990bf3f97bd6438db8e1928f0331

SHA1
ae530b3df96c98f08d927285d578d5018319a6b3

SHA256
3d58f3b23340b31863559d712c8d82df8a7f03093021838d88ce251a0e78d4bf

SHA512
0af87a9fb01426cee4b3b044f3c36103db6178d31e010c95a1ecbd8b0ce66fb6e99d9dfaa02640091ca86b4c8bb7d53112b07da3612ded30e34f494bcbe25852

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe

Filesize
184KB

MD5
c7bc65839aa40c9736b47f00ef0f98a3

SHA1
e87a8f2066262ae883b692a90cf0cf8cee8d98b9

SHA256
f456abc47f2414612830c98d27645fe7e29c8880ca1b04559c087ccdb1c71b47

SHA512
4f4289690950ad248f51d99d0165f111940c8e47e3fd2af3012e9e157ccf90f2a3f319ee23a5fbf2432fd6385df117839c66b88dc195fbb706658e9727184258

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe

Filesize
184KB

MD5
9efd3e9126b960d06c10d27259fc5640

SHA1
5b4b304baf42168b892d0a0937c0abfdc49f39d1

SHA256
dc20055f9958b4a3dcf5418d1bc314ff42e8a09887e15170e92e66836fd30624

SHA512
38e71dc96e137c02ceb795dfda1d6064cd49d01ebb49045c74213c16480e6edaee618da320879cda8ae6d7470bf23ece56cf7fe5bf9efbac4dba54b76196536b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe

Filesize
184KB

MD5
137a60256ced7afab44cd81f3f730b30

SHA1
047c8993a7ef0443740804dbc417b8e37726e109

SHA256
efe31a53136c45afef00ba5b2ad79c2ba9ea533ee0019fa7e7d35d295367f517

SHA512
dee87a7161a7489811b09cd8f2a143c04f5766157f75d0857dd035b01db2a0fa9d0c8ec09233c897efdb9c77819d14906e78719e5dddce497aeaa3f8a7d0fbff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe

Filesize
184KB

MD5
e3860633c7a4571433b4062ac44afda4

SHA1
82c26480b7bdc3170e3f6e6ad92b5e4f5c947984

SHA256
dee403b2880013a7d32ecc169e0a96d00983e58ae6953b1fd171dfdbf5ecff28

SHA512
9450c03ad206fefa7ef471d4327a1cd41946fcb98e1cdca36e69033f8675fdb5b54907b05748e3cc6e807fc0c2843e06653434120dfaa40cddd1f33bacb731f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe

Filesize
184KB

MD5
ba9a3f6229c97f9da460aec7d3493b20

SHA1
5ebb7f206a2512a00c52ce41ba9a899643a9fde0

SHA256
657a0778a0fa6006bbfa97f4f7b70176ea45954a7ddf922e3d0dda009289b1d7

SHA512
f2e9d95e307bf68cdc5e426d8b93aa7480ceb81bbb4ed1f233313b9031083dbd80ce26083680fc4d9cef60b791058748529ef8540ca264e85aab8efcdec34ea8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe

Filesize
184KB

MD5
3e802ac671830152211a3d2164322b9a

SHA1
dd0224f8d9aea1b62b1fb3c7f303442bb587a1ed

SHA256
44df7117e9f2c2617b6ffd0aef1d8260d00f2b279ec18056ce4c7250dedde92c

SHA512
3fa20f740a55497518a6c4ef7d3932a28bbb3c49cd4970af675f9f4c5d24b2d95593ad0e8598a1f8c195362004b4c538bba2eb1d42f5b3e55ab3691ac0c9981b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe

Filesize
184KB

MD5
717667f6d3782901e3ad4a62b2af1043

SHA1
36679cb1b170931669fe808136e6806ab8f8d8b8

SHA256
62f3eaedc0aae999ab6301955c3e3bee14fdd6c020012b20775b442dfffc59dc

SHA512
258f4a345c75eff01b94fe7f4b18a9d26849e882a7a232fb68ca4c39262cd9d47cfc3708f3ac5b8cc17da5dfc62d8374042839f63f03488ebf091e9e7d7621d6

Download Submit